Versions Compared

Old Version 10

changes.mady.by.user Former user

Saved on

compared with

New Version 11

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Warning

This is available only as a  WUM update and is effective from 22nd October 2018 (2018-10-22). For more information on updating WSO2 API Manager, see Updating WSO2 API Manager.

...

This section explains how to APIs in WSO2 API Manager can be secured using mutual SSL in addition to OAuth2.

...

  1. Create an API.
  2. Edit the API and navigate to the Manage tab.

  3. Select Mutual SSL under API Security.

    Info

    You can select both OAuth2 and Mutual SSL options. This means that the user can access the API using a valid OAuth2 token or using a valid client certificate.

  4. Click Manage Certificates to upload a new client certificate. Select Add New Certificate.


    Insert excerpt
    Dynamic SSL Certificate Installation
    Dynamic SSL Certificate Installation
    nopaneltrue

    Info

    After configuring, the certificate will be added to the Gateway nodes which are defined under the Environments in api-manager.xml. In a clustered setup, as gateway configurations are identical, sync the <API-M_HOME>/repository/resources/security/listenerprofiles.xml and <API-M_HOME>/repository/resources/security/client-truststore.jks among the gateway nodes. After the configured interval, the synapse transport will be reloaded in all the gateway nodes.

  5. Provide an alias and public certificate. Select the tier that should be used to throttle out the calls using this particular client certificate and click Upload.
  6. Save and Publish the API

...