If you have a backend with a self-signed certificate (or a certificate which is not signed by a CA) you need to import it to the client-truststore and restart the server. This feature enables you to upload the backend certificate through API Publisher while creating or editing your API. Follow the steps below to add a new certificate to any endpoint. Note that this feature supports only HTTP/REST and HTTP/SOAP endpoints.
Warning |
---|
This is available only as a WUM update and is effective from 30th 27th November 2017 (2017-11-3027). |
Prerequisites
- Ensure that you have downloaded the latest WUM update. For more details, see Updating WSO2 Products in the WSO2 Administration Guide.
- If you are an existing user, follow the instructions given below.
Run the scripts inside the
<APIM_WUM_UPDATED_PACK>/dbscripts/apimgt
directory, according to your preferred database. For instructions on configuring databases, see Set up the database. Verify that the tableAM_CERTIFICATE_METADATA
has been created in your database.Open the
<APIM_HOME>/repository/conf/axis2/axis2.xml
file. Add the following code under thePassThroughHTTPSSLSender
parameter.Code Block <transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender"> ... <!-- ============================================== --> <!-- Configuration for Dynamic SSL Profile loading. --> <!-- Configured for 5 mins. --> <!-- ============================================== --> <parameter name="dynamicSSLProfilesConfig"> <filePath>repository/resources/security/sslprofiles.xml</filePath> <fileReadInterval>600000</fileReadInterval> </parameter> </transportSender>
If you use a different Trust Store/ Keystore configuration in the
axis2.xml
orcarbon.xml
files ,modify the KeyStore and TrustStore location in<APIM_WUM_UPDATED_PACK>/repository/resources/security/sslprofiles.xml
file accordingly. Thesslprofiles.xml
file is configured with the existing client-truststore.jks
...