Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

If you have a backend with a self-signed certificate (or a certificate which is not signed by a CA) you need to import it to the client-truststore and restart the server. This feature enables you to upload the backend certificate through API Publisher while creating or editing your API. Follow the steps below to add a new certificate to any endpoint. Note that this feature supports only HTTP/REST and HTTP/SOAP endpoints.

Warning

This is available only as a WUM update and is effective from 30th 27th November 2017 (2017-11-3027).

Prerequisites

  1. Ensure that you have downloaded the latest WUM update. For more details, see Updating WSO2 Products in the WSO2 Administration Guide.
  2. If you are an existing user, follow the instructions given below. 
    1. Run the scripts inside the <APIM_WUM_UPDATED_PACK>/dbscripts/apimgt directory, according to your preferred database. For instructions on configuring databases, see Set up the database. Verify that the table AM_CERTIFICATE_METADATA has been created in your database.

    2. Open the <APIM_HOME>/repository/conf/axis2/axis2.xml file. Add the following code under the PassThroughHTTPSSLSender parameter.

      Code Block
      <transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender">
      	...
            <!-- ============================================== -->
            <!-- Configuration for Dynamic SSL Profile loading. -->
            <!-- Configured for 5 mins. -->
            <!-- ============================================== -->
            <parameter name="dynamicSSLProfilesConfig">
                    <filePath>repository/resources/security/sslprofiles.xml</filePath>
                    <fileReadInterval>600000</fileReadInterval>
            </parameter>
      </transportSender>
    3. If you use a different Trust Store/ Keystore configuration in the axis2.xml or carbon.xml files ,modify the KeyStore and TrustStore location in <APIM_WUM_UPDATED_PACK>/repository/resources/security/sslprofiles.xml file accordingly. The sslprofiles.xml file is configured with the existing client-truststore.jks

...