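WSO2 Identity Server listens on port 9443 by default and ships with built-in SSL. Here we put Apache in front of the IS server as a proxy and serve it with a free StartSSL Class 1 SSL certificate. The configuration is as follows: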

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost
                ServerName wso2.crscd.org

                ErrorLog ${APACHE_LOG_DIR}/wso2-error.log
                CustomLog ${APACHE_LOG_DIR}/wso2-access.log combined

                ProxyRequests off
                SSLEngine on
                SSLProxyEngine on
                SSLProxyVerify none
                SSLProxyCheckPeerCN off
                SSLProxyCheckPeerName off

                SSLCertificateFile      /etc/ssl/wso2/wso2.crt
                SSLCertificateKeyFile /etc/ssl/wso2/wso2.key
                SSLCertificateChainFile /etc/ssl/wso2/sub.class1.server.ca.pem
                SSLCACertificateFile /etc/ssl/wso2/ca.pem

                ProxyPass / https://127.0.0.1:9443/carbon/
                ProxyPassReverse / https://127.0.0.1:9443/carbon/

                <Proxy *>
                        Order deny,allow
                        Allow from all
                </Proxy>
        </VirtualHost>
</IfModule>

The following problem may occur when proxying:

  • Reason: Error during SSL Handshake with remote server

Solution
Add the following to the configuration:

SSLProxyEngine on
SSLProxyVerify none 
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off

Alternatively, set the root certificate with SSLProxyCACertificateFile instead of simply disabling verification.
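The difference between the two approaches can be checked mechanically. The following is an added example, not part of the original post: a small Python audit of a vhost's backend TLS directives, run over the settings shown above and over a constructed variant that verifies the backend. The CA file path `/etc/ssl/wso2/backend-ca.pem` and the `localhost` backend name in that variant are assumptions.

```python
# Added example: audit how an Apache vhost authenticates its HTTPS backend.
WEAK = """\
<VirtualHost _default_:443>
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    ProxyPass / https://127.0.0.1:9443/carbon/
</VirtualHost>
"""
# Constructed variant: the CA path and "localhost" backend name are assumptions.
VERIFIED = """\
<VirtualHost _default_:443>
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    SSLProxyCACertificateFile /etc/ssl/wso2/backend-ca.pem
    ProxyPass / https://localhost:9443/carbon/
</VirtualHost>
"""

def directives(conf):
    """Map lower-cased directive name -> last value; skip comments and section tags."""
    found = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        parts = line.split(None, 1)
        found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found

def audit(conf):
    """Return findings about backend certificate verification for one vhost."""
    d = directives(conf)
    if "https://" not in d.get("proxypass", "").lower():
        return []  # no TLS backend, nothing to verify
    findings = []
    verify = d.get("sslproxyverify", "none").lower()  # mod_ssl default is none
    if verify != "require":
        findings.append("chain: SSLProxyVerify is '%s', backend chain not enforced" % verify)
    elif not (d.keys() & {"sslproxycacertificatefile", "sslproxycacertificatepath"}):
        findings.append("chain: SSLProxyVerify require without a proxy CA file or path")
    # Per the mod_ssl docs (2.4.21+), name checks are fully off only when both are off.
    if (d.get("sslproxycheckpeername", "on").lower() == "off"
            and d.get("sslproxycheckpeercn", "on").lower() == "off"):
        findings.append("name: peer name checks disabled, any certificate subject accepted")
    return findings
```

With verification enabled, the name in the backend certificate has to match the host used in ProxyPass, which is why the constructed variant proxies to a name rather than to 127.0.0.1.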
