HTTPS Servlet Transport
Similar to the HTTP transport, the HTTPS transport consists of a receiver implementation which comes from the Carbon core component and a sender implementation which comes from the Tomcat HTTP connector. In fact, this transport uses exactly the same transport sender implementation as the HTTP transport. The transport receiver implementation of the HTTP transport is available in the Carbon core component. The transport sender implementation comes from the Tomcat HTTP connector. This transport is shipped with WSO2 Carbon and all WSO2 Carbon-based products, which use this transport as the default transport, except WSO2 ESB. By default, we use the non-blocking Tomcat Java connector, org.apache.coyote.http11.Http11NioProtocol.
Although the axis2.xml file contains configurations for HTTP/S transports by default, they are not used by WSO2 products. Instead, the products use the HTTP/S transport configurations at the Tomcat level; therefore, changing the HTTP/S configurations in the axis2.xml file has no effect.
HTTPS servlet transport should be configured in the <PRODUCT_HOME>/repository/conf/tomcat/catalina-server.xml file, same as with the HTTP servlet transport. The transport class that should be specified in the catalina-server.xml file is as follows: <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"/>.
Transport connector parameters
In addition to the configuration parameters supported by the HTTP servlet transport, HTTPS servlet transport supports the following configuration parameters:
In the transport parameter tables, the literals displayed in italics under the "Possible Values" column should be considered as fixed literal constant values. Those values can be directly put in transport configurations.
Parameter Name | Description | Possible Values | Default Value |
---|---|---|---|
sslProtocol | Transport level security protocol to be used. | TLS, SSL | TLS |
enableLookups | Set to true if you want calls to request.getRemoteHost() to perform DNS lookups in order to return the actual host name of the remote client. Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance). | true, false | |
clientAuth | Set to true if you want the SSL stack to require a valid certificate chain from the client before accepting a connection. Set to want if you want the SSL stack to request a client certificate, but not fail if one isn't presented. A false value (which is the default) will not require a certificate chain unless the client requests a resource protected by a security constraint that uses CLIENT-CERT authentication. | true, false | |
scheme | Set this attribute to the name of the protocol you wish to have returned by calls to request.getScheme(). | http, https | |
secure | Set this attribute to true if you wish to have calls to request.isSecure() return true for requests received by this Connector. You would want this on an SSL connector or a non-SSL connector that is receiving data from an SSL accelerator, like a crypto card, an SSL appliance or even a web server. | true, false | |
SSLEnabled | Use this attribute to enable SSL traffic on a connector. To turn on SSL handshake/encryption/decryption on a connector, set this value to true. When setting this value to true, you will want to set the scheme and the secure attributes as well to pass the correct request.getScheme() and request.isSecure() values to the servlets. For more information, see SSL Support. | true, false | |
keystoreFile | Path to the keystore which should be used for encryption/decryption. | A valid file path to a keystore file | |
keypass | Password to access the specified keystore. | A valid password | |
Similar to the servlet HTTP transport, this transport is also based on Apache Tomcat's connector implementation. For a complete list of supported parameters, see Tomcat connector configuration reference.
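The following check is an added example, not part of the original documentation or of WSO2's code: it reads Connector elements and reports SSL-enabled connectors whose scheme, secure, sslProtocol or clientAuth values are inconsistent with the table above. The sample XML, its ports and the function name audit_https_connectors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample for illustration, not a shipped catalina-server.xml.
# Ports and attribute combinations are made up for this example.
SAMPLE = """<Server>
  <Service name="Catalina">
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="9443"
               SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" clientAuth="false"/>
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="9444"
               SSLEnabled="true" sslProtocol="SSL" clientAuth="want"/>
  </Service>
</Server>"""


def audit_https_connectors(xml_text):
    """Return (port, finding) tuples for every SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # not an HTTPS connector
        port = conn.get("port", "?")
        # SSLEnabled should be paired with scheme and secure so servlets see
        # the right request.getScheme() / request.isSecure() values.
        if conn.get("scheme") != "https":
            findings.append((port, "scheme is not https"))
        if conn.get("secure", "false").lower() != "true":
            findings.append((port, "secure is not true"))
        # The table lists TLS (default) and SSL as possible values.
        if conn.get("sslProtocol", "TLS").upper() != "TLS":
            findings.append((port, "sslProtocol is not TLS"))
        # 'want' requests a client certificate but does not fail without one.
        if conn.get("clientAuth", "false").lower() == "want":
            findings.append((port, "clientAuth=want does not require a client certificate"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_https_connectors(SAMPLE):
        print(f"connector on port {port}: {finding}")
```

To check a real deployment, pass the contents of <PRODUCT_HOME>/repository/conf/tomcat/catalina-server.xml to the function instead of the sample string.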
Defining multiple Tomcat connectors
You have the option of defining multiple HTTPS connectors in the catalina-server.xml file in the same way as for HTTP connectors. See HTTP servlet transport for more information.