If the directory/file paths specified in this guide do not exist in your WSO2 product, see Directory Structure of WSO2 Products to locate the paths applicable to your product.

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • DefaultAndLocalhost: This is the value that is enabled, by default. This means that all hostnames, except the ones listed below, will be verified against the hostnames specified in the product's SSL certificate. That is, the following hostnames will be allowed regardless of the server's certificate.

    • localhost

    • localhost.localdomain

    • 127.0.0.1

    • ::1 

    Note that if the wildcard symbol is used to specify a hostname in the SSL certificate (such as *.foo.com), all the subdomains of *.foo.com are also included. That is, a hostname that matches a subdomain of *.foo.com will also be allowed access.

  • Strict: When this mode is enabled, hostnames will be strictly verified against the hostname specified in the product's SSL certificate. For example, if "*.foo.com" is specified as the hostname in the certificate, only the hostnames at the same level will be authorized by the server. That is, subdomains such as "a.b.foo.com" will not be authorized.

  • AllowAll: This option turns off hostname verification for the server. Note that this is not recommended in a production setup and should only be used for demonstrations and testing.

    Note

    Important!

    If you are disabling hostname verification for WSO2 AM 2.0.0 or 2.1.0, you need to use both system properties listed below.

    Code Block
    -Dorg.wso2.ignoreHostnameVerification=true \
    -Dhttpclient.hostnameVerifier=AllowAll \

    If you are disabling hostname verification for WSO2 EI 6.1.1, you need to use both system properties listed below.

    Code Block
    -Dhttpclient.hostnameVerifier=AllowAll \
    -Dorg.opensaml.httpclient.https.disableHostnameVerification=true \

    If you are disabling hostname verification for WSO2 IS, use the following system properties.

    Code Block
    -Dorg.opensaml.httpclient.https.disableHostnameVerification=true \
    -Dhttpclient.hostnameVerifier="AllowAll" \