Setting Up Servers

This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Preparing the servers

Start the server on each machine where an instance of WSO2 Open Banking is running. Follow the steps below to prepare and start the servers.

  1. Install Oracle JDK 1.8 or later in all nodes used for the setup.
  2. In the environment variables, update the JAVA_HOME and PATH variables. For instance, you can do this by adding the following to the ~/.bashrc file in Linux or Mac:

    export JAVA_HOME="<JDK_LOCATION>"
    
    export PATH=$PATH:$JAVA_HOME/bin
  3. Loading

  4. Open the ports, as described below.
    WSO2 Open Banking consists of six instances that run on different machines/servers. You must open the ports of each server to allow a successful data flow. The ports that need to be opened for each instance are listed below.

    | Instance/Product    | Port | Usage |
    |---------------------|------|-------|
    | WSO2_OBAM           | 9443 | HTTPS servlet transport (The default URL of the management console is https://WSO2_OB_APIM_HOST:9443/carbon) |
    |                     | 8243 | NIO/PT transport HTTPS port |
    | WSO2_OBKM           | 9446 | HTTPS servlet transport (The default URL of the management console is https://WSO2_OB_KM_HOST:9446/carbon) |
    | WSO2_AM_Analytics   | 9444 | HTTPS servlet transport |
    |                     | 7612 | Thrift TCP port to receive events from clients |
    |                     | 7712 | Thrift SSL port for secure transport where the client is authenticated |
    | WSO2_EI_Integrator  | 9447 | HTTPS servlet transport |
    |                     | 8247 | NIO/PT transport HTTPS port |
    | WSO2_EI_BPS         | 9445 | HTTPS servlet transport (The default URL of the management console is https://WSO2_BPS_HOST:9445/carbon) |
    | WSO2_OBBI_Worker    | 9444 | HTTPS netty transport |
    |                     | 7612 | Thrift TCP port to receive events from clients |
    |                     | 7712 | Thrift SSL port for secure transport where the client is authenticated |
    | WSO2_OBBI_Dashboard | 9449 | HTTPS netty transport |

Exchanging the certificates

To enable secure communication, install the certificate of each component in all the others. This allows the components to communicate over Secure Sockets Layer (SSL). Follow the steps below to implement this.

  1. Generate a key pair in the keystore of a particular server (for example, Server A), using an alias and common name that are equal to the hostname.

    keytool -genkey -alias <keystore_alias> -keyalg RSA -keysize 2048 -validity 3650 -keystore <keystore_path> -storepass <keystore_password> -keypass <key_password> -noprompt
  2. Export the public certificate of the newly generated key pair.

    keytool -export -alias <cert_alias> -file <certificate_path> -keystore <keystore_path>
  3. Import the public certificate of Server A into the client truststores of all the servers, including Server A.

    keytool -import -trustcacerts -alias <cert_alias> -file <certificate_path> -keystore <truststore_path> -storepass <keystore_password> -noprompt
  4. Repeat the above steps for all the servers.

    • If there is an Active Directory/LDAP configured in your deployment, add the AD certificate to the client-truststore of all the servers.
    • If there is an Enterprise Integrator (EI) instance in your deployment, and it is connected to a backend, i.e., a core banking system (CBS), through a secure connection (for example, SSL), add your backend's certificate to the client-truststore of the EI server.
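
After step 4, every client truststore should hold a trusted certificate entry for every server. The script below is an added example, not part of the WSO2 documentation: it reads `keytool -list` output and reports which expected aliases are still missing. The hostnames, the sample listing and the `TRUSTSTORE_PASS` variable name are assumptions.

```shell
#!/bin/sh
# Added example: confirm a client truststore holds every server's certificate.
# Aliases/hostnames and the TRUSTSTORE_PASS variable are assumptions, not page values.

# Constructed `keytool -list` output for one truststore (fingerprints are dummies).
sample_listing() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

ob-apim.example.com, Jan 5, 2021, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22:(constructed)
ob-bps.example.com, Jan 5, 2021, trustedCertEntry,
Certificate fingerprint (SHA-256): 33:44:55:(constructed)
EOF
}

# Read a listing on stdin and print the aliases of imported certificates
# (trustedCertEntry lines), lowercased; header and fingerprint lines are skipped.
trusted_aliases() {
  awk -F', ' '/, trustedCertEntry,/ { print tolower($1) }'
}

# missing_aliases LISTING_FILE ALIAS...
# Prints each expected alias absent from the listing; status 1 if any is absent.
missing_aliases() (
  listing=$1; shift
  have=$(trusted_aliases < "$listing")
  rc=0
  for a in "$@"; do
    want=$(printf '%s' "$a" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "$have" | grep -qxF -- "$want" || { printf '%s\n' "$a"; rc=1; }
  done
  exit "$rc"
)

# Live use: list a real truststore. The password is read from the environment
# variable TRUSTSTORE_PASS so that it does not appear on the command line.
audit_truststore() (
  ts=$1; shift
  tmp=$(mktemp) || exit 2
  if ! keytool -list -keystore "$ts" -storepass:env TRUSTSTORE_PASS > "$tmp"; then rm -f "$tmp"; exit 2; fi
  missing_aliases "$tmp" "$@"; rc=$?
  rm -f "$tmp"; exit "$rc"
)
```

On each server, export `TRUSTSTORE_PASS` and run `audit_truststore <truststore_path>` followed by the aliases of all servers; any alias it prints still needs the import in step 3.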