Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version 2

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Ensure that you have downloaded the latest WUM update. For more details, see Updating WSO2 Products in the WSO2 Administration Guide.
  2. If you are an existing user, follow the instructions given below. 

    1. Run the scripts inside the <APIM_HOME>/dbscripts/apimgt directory, according to your preferred database. For instructions on configuring databases, see Set up the database. Verify that the table AM_CERTIFICATE_METADATA has been created in your database.

    2. Open the <APIM_HOME>/repository/conf/axis2/axis2.xml file. Add the following code under the PassThroughHTTPSSLSender parameter.

      Code Block
      <transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender">
	...
      <!-- ============================================== -->
      <!-- Configuration for Dynamic SSL Profile loading. -->
      <!-- Configured for 10 mins. -->
      <!-- ============================================== -->
      <parameter name="dynamicSSLProfilesConfig">
              <filePath>repository/resources/security/sslprofiles.xml</filePath>
              <fileReadInterval>600000</fileReadInterval>
      </parameter>
</transportSender>
      Note

      The default time to apply the certificate is 10 minutes. You can configure this by changing the <fileReadInterval> parameter. Note that the time is given in milliseconds.

    3. If you use a different Trust Store/ Keystore configuration in the axis2.xml or carbon.xml files ,modify the KeyStore and TrustStore location in <APIM_HOME>/repository/resources/security/sslprofiles.xml file accordingly. The sslprofiles.xml file is configured with the existing client-truststore.jks

Excerpt
Note

This feature currently supports only the the following formats for keystores and certificates.

  • Keystore : .jks
  • Certificate : .crt

If you need to use a certificate in any other format, you can convert it using a standard tool before uploading.



Info

After configuring, the certificate will be added to the Gateway nodes which are defined under the Environments in api-manager.xml. In a clustering clustered setup, as gateway configurations are identical, sync the <APIM<API-M_HOME>/repository/resources/security/sslprofiles.xml and <APIM<API-M_HOME>/repository/resources/security/client-truststore.jks among the gateway nodes. After the configured interval, the synapse transport will be reloaded in all the gateway nodes.

...