Versions Compared

Old Version 14

changes.mady.by.user Former user

Saved on

compared with

New Version 15

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Edit the <ESB_HOME>/repository/conf/Axis2/axis2.xml file and add the dynamicSSLProfilesConfig parameter as follows to the multi-https transport listener:

    Code Block
    languagexml
    <transportReceiver name="multi-https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOMultiSSLListener">
    <parameter name="port">8343</parameter>
    <parameter name="non-blocking">true</parameter>
	..........
	<parameter name="dynamicSSLProfilesConfig">
		<filePath>repository/conf/sslprofiles/listenerprofiles.xml</filePath>
		<fileReadInterval>3600000</fileReadInterval>		
	</parameter>
      .........
</transportReceiver>

  • Create the listenerprofiles.xml file with the following configuration in the <ESB_HOME>/repository/conf/sslprofiles directory:

    Info
    titleNote:

    You can configure the file path for the listenerprofiles.xml file as required.

    Code Block
    languagexml
    titleConfiguration for listenerprofiles.xml
    <parameter name="SSLProfiles">
<profile>
		<bindAddress>192.168.0.123</bindAddress>
		<KeyStore>
			<Location>repository/resources/security/esb.jks</Location>
			<Type>JKS</Type>
			<Password>123456</Password>
			<KeyPassword>123456</KeyPassword>
    		</KeyStore>
		<TrustStore>				
            <Location>repository/resources/security/esbtruststore.jks</Location>
			<Type>JKS</Type>
			<Password>123456</Password>
		</TrustStore>
		<SSLVerifyClient>require</SSLVerifyClient>
  	</profile>
</parameter>

    The SSL profile will be applied to each request that is received at the IP specified within the <bindAddress> element.

...

  • Edit the <ESB_HOME>/repository/conf/Axis2/axis2.xml file and add the  dynamicSSLProfilesConfig parameter as follows:

    Code Block
    languagexml
    <transportSender name="https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender">
    .......  
	<parameter name="dynamicSSLProfilesConfig">
		<filePath>repository/conf/sslprofiles/senderprofiles.xml</filePath>
		<fileReadInterval>3600000</fileReadInterval>		
	</parameter>
	.......
</transportSender>

  • Create the senderprofiles.xml file with the following configuration in the <ESB_HOME>/repository/conf/sslprofiles directory:

    Info
    titleNote:

    You can configure the file path for the senderprofiles.xml file as required.

    Code Block
    languagexml
    titleConfiguration for senderprofiles.xml
    <parameter name="customSSLProfiles">
	<profile>
		<servers>localhost:8244,192.168.1.234:8245</servers>
		<KeyStore>
			<Location>repository/resources/security/esb.jks</Location>
			<Type>JKS</Type>
			<Password>123456</Password>
		    <KeyPassword>123456</KeyPassword>
        </KeyStore>
		<TrustStore>			
            <Location>repository/resources/security/esbtruststore.jks</Location>
			<Type>JKS</Type>
			<Password>123456</Password>
		</TrustStore>
	</profile>
</parameter>

    The SSL profile will be applied to each request that is sent to the destination server specified within the <servers> element as IP:Port combination.

...