...

From WSO2 ESB 4.9.0 onwards, in addition to updating axis2.xml with the SSL profile configurations, you can dynamically load the SSL profiles at runtime using a periodic schedule or a JMX invocation. Instead of reloading the entire axis2.xml at runtime, you can reload the new configuration files, which contain only the custom profile information for the sender and receiver. To enable dynamic

Enabling dynamic SSL profiles

...

The following configuration changes should be done in the Multi-HTTPS transport receiver and sender.

...

  • Edit the <ESB_HOME>/repository/conf/Axis2/axis2.xml file and add the dynamicSSLProfilesConfig parameter as follows:

    <transportSender name="https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender">
        .......
        <parameter name="dynamicSSLProfilesConfig">
            <filePath>repository/conf/sslprofiles/senderprofiles.xml</filePath>
            <fileReadInterval>3600000</fileReadInterval>
        </parameter>
        .......
    </transportSender>
  • Create the senderprofiles.xml file with the following configuration in the <ESB_HOME>/repository/conf/sslprofiles directory:

    Note: You can configure the file path for the senderprofiles.xml file as required.

    Configuration for senderprofiles.xml:

    <parameter name="customSSLProfiles">
        <profile>
            <servers>localhost:8244,192.168.1.234:8245</servers>
            <KeyStore>
                <Location>repository/resources/security/esb.jks</Location>
                <Type>JKS</Type>
                <Password>123456</Password>
                <KeyPassword>123456</KeyPassword>
            </KeyStore>
            <TrustStore>
                <Location>repository/resources/security/esbtruststore.jks</Location>
                <Type>JKS</Type>
                <Password>123456</Password>
            </TrustStore>
        </profile>
    </parameter>

    The SSL profile is applied to each request that is sent to a destination server specified within the <servers> element as an IP:Port combination.

 

The following table provides information on the parameters that you can set when you enable dynamic SSL profiles:

Parameter Name | Description | Default Value
filePath | The relative/absolute file path of the custom SSL profile configuration XML file. | -
fileReadInterval | The time interval (in milliseconds) in which configuration updates will be loaded and applied at runtime. This value should be greater than 1 hour. | 3600000
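
A pre-reload check for the two files described above, as an added example that is not part of the WSO2 documentation or product: it parses a dynamicSSLProfilesConfig parameter and a customSSLProfiles file and reports settings that would misapply a profile or leave a sample password such as 123456 in place. The function names and the password deny-list are assumptions, and the check treats the default of 3600000 ms as the smallest acceptable fileReadInterval.

```python
import re
import xml.etree.ElementTree as ET

MIN_INTERVAL_MS = 3600000            # default from the parameter table (1 hour)
HOST_PORT = re.compile(r"^[A-Za-z0-9.-]+:(\d{1,5})$")
SAMPLE_PASSWORDS = {"123456", "changeit", "wso2carbon"}   # assumed deny-list

def check_reload_config(param_xml):
    """Findings for a <parameter name="dynamicSSLProfilesConfig"> element."""
    param, findings = ET.fromstring(param_xml), []
    if not (param.findtext("filePath") or "").strip():
        findings.append("filePath is empty")
    raw = (param.findtext("fileReadInterval") or "").strip()
    if not raw.isdigit():
        findings.append("fileReadInterval is not a millisecond count")
    elif int(raw) < MIN_INTERVAL_MS:
        findings.append(f"fileReadInterval {raw} ms is under 1 hour")
    return findings

def check_profiles(profiles_xml):
    """Findings for a <parameter name="customSSLProfiles"> document."""
    findings = []
    for n, profile in enumerate(ET.fromstring(profiles_xml).findall("profile"), 1):
        for s in (profile.findtext("servers") or "").split(","):
            m = HOST_PORT.match(s.strip())
            if not m or not 0 < int(m.group(1)) <= 65535:
                findings.append(f"profile {n}: server '{s.strip()}' is not IP:Port")
        for store in profile.findall("KeyStore") + profile.findall("TrustStore"):
            if not (store.findtext("Location") or "").strip():
                findings.append(f"profile {n}: {store.tag} has no Location")
            for tag in ("Password", "KeyPassword"):
                if (store.findtext(tag) or "").strip() in SAMPLE_PASSWORDS:
                    findings.append(f"profile {n}: {store.tag}/{tag} is a sample password")
    return findings

# Constructed inputs: the page's XML with a 10-minute interval and one server missing its port.
RELOAD = """<parameter name="dynamicSSLProfilesConfig">
  <filePath>repository/conf/sslprofiles/senderprofiles.xml</filePath>
  <fileReadInterval>600000</fileReadInterval>
</parameter>"""
PROFILES = """<parameter name="customSSLProfiles"><profile>
  <servers>localhost:8244,192.168.1.234</servers>
  <KeyStore><Location>repository/resources/security/esb.jks</Location>
    <Type>JKS</Type><Password>123456</Password><KeyPassword>123456</KeyPassword></KeyStore>
  <TrustStore><Location>repository/resources/security/esbtruststore.jks</Location>
    <Type>JKS</Type><Password>123456</Password></TrustStore>
</profile></parameter>"""
if __name__ == "__main__":
    print("\n".join(check_reload_config(RELOAD) + check_profiles(PROFILES)))
```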

Loading SSL profiles dynamically at runtime

You can either use a periodic schedule or a JMX invocation to apply custom profiles at runtime. The following section describes the two options in detail:

  • Periodic schedule - If you use this option, the ESB automatically checks for updates to the file content and applies the custom profiles based on the value specified in the fileReadInterval parameter. For example, if you have set the fileReadInterval to 1 hour, the ESB automatically checks for updates to the file content and applies the custom profile every 1 hour.

  • JMX invocation - If you use this option, custom profiles are applied dynamically by invoking the notifyFileUpdate method in the respective sender/listener MBean under the ListenerSSLProfileReloader or SenderSSLProfileReloader group in JConsole.


Synchronizing the profiles in a cluster

...