问题描述
我正在尝试设置WSO2 EMM V2.0.1.我能够在实时服务器上进行设置,并按照此处提供的所有说明进行操作 WSO2开始,直到我配置Android BKS 我配置了提供的所有设置,并且https
正常工作.因此,然后我着手添加一个用户,我注意到的第一件事是Email Configuration
无法正常工作.因此,我无法在其中添加用户.然后我发现我什至不能招募用户.我尝试使用username: admin, password: password
在移动设备上测试用户登录,并且当我使用仿真器进行测试时,然后在使用真实设备时,出现此错误Trust anchor for certification path not found
.这是我的URL SELM EMM URL .经过一些调试后,我注意到它调用此 URL 并传递此参数{"applicationType":"device","callbackUrl":"","clientName":"355972050729590","grantType":"password refresh_token","owner":"admin","tokenScope":"production"}
但不会在Android上添加用户.我有一个WSO2 v1实例,该实例被误删除了.但是,我需要重新备份它.我在这里查看配置
I am trying to setup WSO2 EMM V2.0.1. I was able to set it up on my live server and follow all the instruction provided from here WSO2 Getting Started till I got to Configuring Android BKS I configured all settings provided and my https
which is working fine. So, I then moved to adding a User, first thing I noticed was that Email Configuration
not working. So, I can't add users with there email. Then I noticed that I can't even enrol users. I tried to test user login on the mobile device using username: admin, password: password
and I'm getting this error Trust anchor for certification path not found
when I use an emulator to test and then when I use a real device, I was getting this No peer certificate
. This is my URL SELF EMM URL. After some debugging, I noticed it calls this URL and pass this parameter {"applicationType":"device","callbackUrl":"","clientName":"355972050729590","grantType":"password refresh_token","owner":"admin","tokenScope":"production"}
but it wouldn't add a user on Android. I've an instance of WSO2 v1 which was mistakenly deleted. But, I need to get it back up. And I was looking at the configuration here
public static boolean DEBUG_MODE_ENABLED = false;
public static boolean LOCAL_NOTIFICATIONS_ENABLED = true;
public static boolean GCM_ENABLED = false;
public static String SERVER_IP = "";
public static String SERVER_PORT = "9443";
public static String SERVER_PROTOCOL = "https://";
public static String API_VERSION = "1.0.0";
public static String SERVER_APP_ENDPOINT = "/EMM/api/";
public static String OAUTH_ENDPOINT = "/oauth2/token";
public static String SENDER_ID_ENDPOINT = "devices/sender_id/";
public static String IS_REGISTERED_ENDPOINT = "devices/isregistered/";
public static String LICENSE_ENDPOINT = "devices/license/";
public static String REGISTER_ENDPOINT = "devices/register/";
public static String UNREGISTER_ENDPOINT = "devices/unregister/";
public static String NOTIFICATION_ENDPOINT = "notifications/pendingOperations/";
public static String SERVER_URL = SERVER_PROTOCOL + SERVER_IP + ":" + SERVER_PORT + SERVER_APP_ENDPOINT; <-- There's nothing like this in the Constants.java class
public static final String TRUSTSTORE_PASSWORD = "";
public static final String EULA_TITLE = "POLICY AGREEMENT";
并非全部都在Constant.java类中,并且许多未使用.如果HTTPS是问题,我想切换到http.我无法切换,仍然得到Timeout error
.我尝试了用于HTTPS的40.68.228.207:9443和用于HTTP的40.68.228.207:9763都没有给我对等证书. 请帮助我.
Not all are in the Constant.java class and many which are unused. If HTTPS is the problem, I would like to switch to http. I can't switch, I still get a Timeout error
. And I tried both 40.68.228.207:9443 which is for HTTPS and 40.68.228.207:9763 which is for HTTP both are giving me No peer certificate. Please HELP ME.
您说过,在此处更改电子邮件消息
You said, change email Message here
Customize the email that is being sent out by navigating to the notification-messages.xml file, which is in the <EMM_HOME>/repository/conf directory.
,在指定的整个目录中没有 notification-messages.xml 存在的地方
Customize the email that is being sent out by navigating to the notification-messages.xml file, which is in the <EMM_HOME>/repository/conf directory.
whereby there's nowhere where notification-messages.xml exist in the whole directory specified
我的防火墙配置
-A输入-i lo -j接受-A输入-d 127.0.0.0/8 -j拒绝-A输入-m状态-状态已建立,相关-j接受-A输出-j接受
-A INPUT -i lo -j ACCEPT-A INPUT -d 127.0.0.0/8 -j REJECT-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT-A OUTPUT -j ACCEPT
-A输入-p tcp --dport 80 -j接受-A输入-p tcp --dport 8080 -j接受-A输入-p tcp --dport 27017 -j接受-A输入-p tcp --dport 1410 -j接受-A输入-p tcp --dport 1450 -j接受-A输入-p tcp --dport 9443 -j接受-A输入-p tcp --dport 9763 -j接受-A输入-p tcp --dport 443 -j接受-A输入-p tcp --dport 1400 -j接受
-A INPUT -p tcp --dport 80 -j ACCEPT-A INPUT -p tcp --dport 8080 -j ACCEPT-A INPUT -p tcp --dport 27017 -j ACCEPT-A INPUT -p tcp --dport 1410 -j ACCEPT-A INPUT -p tcp --dport 1450 -j ACCEPT-A INPUT -p tcp --dport 9443 -j ACCEPT-A INPUT -p tcp --dport 9763 -j ACCEPT-A INPUT -p tcp --dport 443 -j ACCEPT-A INPUT -p tcp --dport 1400 -j ACCEPT
-A输入-p tcp -m状态-状态新--dport 22 -j接受
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A输入-p icmp -j接受
-A INPUT -p icmp -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix拒绝iptables:" --log级7
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A输入-p tcp --dport 80 -i eth0 -m状态-状态NEW -m最近-设置-A INPUT -p tcp --dport 80 -i eth0 -m状态-state NEW -m最近-update -seconds 60 -hitcount 15 -j D $
-A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set-A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 15 -j D$
-A输入-j DROP-A前进-j DROP
-A INPUT -j DROP-A FORWARD -j DROP
提交
推荐答案
如果您已按照此处.请采取以下步骤,将已获取密钥库中的ssl证书包括在内.
If you have follow the IOS configuration as documented here.Please take the following steps to including the ssl certificates who have acquired in to the keystore.
将下载的证书转换为.pem文件. openssl x509 -in -out 示例:
openssl x509 -in rootcert.crt -out root.pem
openssl x509 -in intermidiatecert.crt -out inter.pem
使用根证书和中间证书创建证书链.
cat <CERTIFCATE 1> <CERTIFICATE 2> ... >> <CERTIFICATE CHAIN>
示例:
cat root.pem inter.pem >> clientcertchain.pem
将SSL证书链文件导出为带有"wso2carbon"作为别名的PKCS12文件.
openssl pkcs12 -export -out <KEYSTORE>.p12 -inkey <RSA_key>.key -in ia.crt -CAfile ca_cert.pem -name "<alias>"
示例:
openssl pkcs12 -export -out KEYSTORE.p12 -inkey ia.key -in ia.crt -CA file clientcertchain.pem -name "wso2carbon"
将生成的p12文件导入到/repository/resources/security目录中的wso2carbon.jks和client-truststore.jks中. keytool -importkeystore -srckeystore .p12 -srcstoretype PKCS12 -destkeystore 示例:
keytool -importkeystore -srckeystore KEYSTORE.p12 -srcstoretype PKCS12 -destkeystore wso2carbon.jks
keytool -importkeystore -srckeystore KEYSTORE.p12 -srcstoretype PKCS12 -destkeystore client-truststore.jks
注意:
出现提示时,输入密钥库密码和密钥库密钥密码,如wso2carbon.当提示您替换现有名称与wso2carbon相同的条目时,输入yes.
NOTE:
When prompted, enter the keystore password and keystore key password as wso2carbon.When prompted to replace an existing entry that has the same name as wso2carbon, enter yes.
这篇关于设置WSO2 EMM的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!