
SSL-Connection causes javax.net.ssl.SSLException:

Posted 2019-03-02 20:24

Question:

I am currently setting up a dockerized WSO API Manager. We have got a wildcard certificate for our domain. I successfully transformed it into a Java keystore and replaced the two jks files.

When I open the API manager, I get no ssl warnings and the browser marks my connection as secure.

When I try to log in I get an error:

In the log files I get:

TID: [-1234] [] [2017-03-24 11:37:55,305]  INFO     
     {org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost   
     to    url[https://localhost:9443/services/AuthenticationAdmin]  
     {org.apache.axis2.transport.http.HTTPSender}
javax.net.ssl.SSLException: hostname in certificate didn't match: 
     <localhost> != </*.mydomain.io/mydomain.io/*.mydomain.io>
     at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:341)
     at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:277)

It looks like the Server is trying to do SSL connections to localhost. So how can I add a matching certificate to the keystore allowing localhost access?

Many thanks!

Answer 1:

In the api-manager.xml file, change all references of localhost to match your domain name, restart, and it should be good.

Setting

<parameter name="HostnameVerifier">AllowAll</parameter>

is a security risk; hostname verification is there for a reason.
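
A pre-flight check for the mismatch shown in the log, as an added example that is not part of the original question or answers: it lists every https URL in a config file whose host the certificate names `*.mydomain.io` / `mydomain.io` would not cover, and flags `HostnameVerifier` set to `AllowAll`. The function names, the sample XML and the strict one-label wildcard rule are assumptions; the verifier in a given deployment may treat wildcards differently.

```python
import re
from urllib.parse import urlsplit

# Names taken from the certificate shown in the question's log line.
CERT_NAMES = ["*.mydomain.io", "mydomain.io"]

def name_matches(host, pattern):
    """RFC 6125-style match: '*' only as the whole left-most label, covering
    exactly one label (assumption: strict verifier behaviour)."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    h_labels, p_labels = host.split("."), pattern.split(".")
    return (len(h_labels) == len(p_labels) and h_labels[0] != ""
            and h_labels[1:] == p_labels[1:])

def host_verifies(host, cert_names=CERT_NAMES):
    """True if any certificate name covers the host."""
    return any(name_matches(host, n) for n in cert_names)

URL_RE = re.compile(r"https://[^\s<>\"'\]]+")
ALLOW_ALL_RE = re.compile(r'name="HostnameVerifier"\s*>\s*AllowAll\s*<')

def audit_config(text, cert_names=CERT_NAMES):
    """Return (line_no, kind, detail) findings for one config file's text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for url in URL_RE.findall(line):
            host = urlsplit(url).hostname or ""
            if not host_verifies(host, cert_names):
                findings.append((no, "host-mismatch", host))
        if ALLOW_ALL_RE.search(line):
            findings.append((no, "verification-disabled", "AllowAll"))
    return findings

# Constructed sample; element names are illustrative, not copied from a
# real api-manager.xml or axis2.xml.
SAMPLE = """<Config>
  <ServerURL>https://localhost:9443/services/</ServerURL>
  <GatewayURL>https://gw.mydomain.io:8243</GatewayURL>
  <StoreURL>https://a.b.mydomain.io/store</StoreURL>
  <parameter name="HostnameVerifier">AllowAll</parameter>
</Config>"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print(finding)
```

Under the strict rule used here a wildcard covers one label only, so `a.b.mydomain.io` is reported alongside `localhost`.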



Answer 2:

Inside the axis2\axis2.xml file in the conf folder you have to change the https transportSender to have the following line:

<parameter name="HostnameVerifier">AllowAll</parameter>

Here you can read a little more about that