问题
I am trying to setup WSO2 EMM V2.0.1. I was able to set it up on my live server and follow all the instruction provided from here WSO2 Getting Started till I got to Configuring Android BKS I configured all settings provided and my https
which is working fine. So, I then moved to adding a User, first thing I noticed was that Email Configuration
not working. So, I can't add users with there email. Then I noticed that I can't even enrol users. I tried to test user login on the mobile device using username: admin, password: password
and I'm getting this error Trust anchor for certification path not found
when I use an emulator to test and then when I use a real device, I was getting this No peer certificate
. This is my URL SELF EMM URL. After some debugging, I noticed it calls this URL and pass this parameter {"applicationType":"device","callbackUrl":"","clientName":"355972050729590","grantType":"password refresh_token","owner":"admin","tokenScope":"production"}
but it wouldn't add a user on Android. I've an instance of WSO2 v1 which was mistakenly deleted. But, I need to get it back up. And I was looking at the configuration here
public static boolean DEBUG_MODE_ENABLED = false;
public static boolean LOCAL_NOTIFICATIONS_ENABLED = true;
public static boolean GCM_ENABLED = false;
public static String SERVER_IP = "";
public static String SERVER_PORT = "9443";
public static String SERVER_PROTOCOL = "https://";
public static String API_VERSION = "1.0.0";
public static String SERVER_APP_ENDPOINT = "/EMM/api/";
public static String OAUTH_ENDPOINT = "/oauth2/token";
public static String SENDER_ID_ENDPOINT = "devices/sender_id/";
public static String IS_REGISTERED_ENDPOINT = "devices/isregistered/";
public static String LICENSE_ENDPOINT = "devices/license/";
public static String REGISTER_ENDPOINT = "devices/register/";
public static String UNREGISTER_ENDPOINT = "devices/unregister/";
public static String NOTIFICATION_ENDPOINT = "notifications/pendingOperations/";
public static String SERVER_URL = SERVER_PROTOCOL + SERVER_IP + ":" + SERVER_PORT + SERVER_APP_ENDPOINT; <-- There's nothing like this in the Constants.java class
public static final String TRUSTSTORE_PASSWORD = "";
public static final String EULA_TITLE = "POLICY AGREEMENT";
Not all are in the Constant.java class and many which are unused. If HTTPS is the problem, I would like to switch to http. I can't switch, I still get a Timeout error
. And I tried both 40.68.228.207:9443 which is for HTTPS and 40.68.228.207:9763 which is for HTTP both are giving me No peer certificate. Please HELP ME.
You said, change email Message here
Customize the email that is being sent out by navigating to the notification-messages.xml file, which is in the <EMM_HOME>/repository/conf directory.
whereby there's nowhere where notification-messages.xml exist in the whole directory specified
My firewall config
*filter
-A INPUT -i lo -j ACCEPT -A INPUT -d 127.0.0.0/8 -j REJECT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A OUTPUT -j ACCEPT
Allow HTTP and HTTPS connections from anywhere
-A INPUT -p tcp --dport 80 -j ACCEPT -A INPUT -p tcp --dport 8080 -j ACCEPT -A INPUT -p tcp --dport 27017 -j ACCEPT -A INPUT -p tcp --dport 1410 -j ACCEPT -A INPUT -p tcp --dport 1450 -j ACCEPT -A INPUT -p tcp --dport 9443 -j ACCEPT -A INPUT -p tcp --dport 9763 -j ACCEPT -A INPUT -p tcp --dport 443 -j ACCEPT -A INPUT -p tcp --dport 1400 -j ACCEPT
-A INPUT -s -p tcp --destination-port 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -d -p tcp --source-port 27017 -m state --state ESTABLISHED -j ACCEPT
Allow SSH connections
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
Allow ping
-A INPUT -p icmp -j ACCEPT
Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
Drop incoming connections if IP make more than 15 connection attempts to port 80 within 60 seconds
-A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 15 -j D$
Drop all other inbound - default deny unless explicitly allowed policy
-A INPUT -j DROP -A FORWARD -j DROP
COMMIT
回答1:
If you have follow the IOS configuration as documented here. Please take the following steps to including the ssl certificates who have acquired in to the keystore.
Convert the downloaded certificates to .pem files. openssl x509 -in -out Example:
openssl x509 -in rootcert.crt -out root.pem
openssl x509 -in intermidiatecert.crt -out inter.pem
Create a certificate chain with the root and intermediate certifications.
cat <CERTIFCATE 1> <CERTIFICATE 2> ... >> <CERTIFICATE CHAIN>
Example :
cat root.pem inter.pem >> clientcertchain.pem
Export the SSL caertificate chain file as a PKCS12 file with an "wso2carbon" as the alias.
openssl pkcs12 -export -out <KEYSTORE>.p12 -inkey <RSA_key>.key -in ia.crt -CAfile ca_cert.pem -name "<alias>"
Example:
openssl pkcs12 -export -out KEYSTORE.p12 -inkey ia.key -in ia.crt -CA file clientcertchain.pem -name "wso2carbon"
Import the generated p12 file into the wso2carbon.jks and client-truststore.jks in the /repository/resources/security directory. keytool -importkeystore -srckeystore .p12 -srcstoretype PKCS12 -destkeystore Example:
keytool -importkeystore -srckeystore KEYSTORE.p12 -srcstoretype PKCS12 -destkeystore wso2carbon.jks
keytool -importkeystore -srckeystore KEYSTORE.p12 -srcstoretype PKCS12 -destkeystore client-truststore.jks
NOTE:
When prompted, enter the keystore password and keystore key password as wso2carbon.
When prompted to replace an existing entry that has the same name as wso2carbon, enter yes.
来源:https://stackoverflow.com/questions/36546201/setting-up-wso2-emm