This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Setting Up Servers
Preparing the servers
Start the server for each machine where an instance of WSO2 Open Banking is running. Follow the steps below to prepare, and start the servers.
Exchanging the certificates
Updating keystore:
If you are using the default keystores available in the solution, update them by removing any unnecessary or expired Root CA Certificates.
The keystores are available in
<WSO2_OB_IAM_HOME>/repository/resources/security/wso2carbon.jksand<WSO2_OB_APIM_HOME>/repository/resources/security/wso2carbon.jks.List and identify problematic certificates:
keytool -list -v -keystore wso2carbon.jks
Remove the certificates using the alias:
keytool -delete -alias <alias_to_remove> -keystore wso2carbon.jks
For Open Banking UK and Open Banking Berlin:
For the eIDAS regulation, remove all the existing Root CA Certificates as you only need the qualified certificates from the eIDAS Qualified Trusted Service Providers (QTSPs). See the following links for more information:
In order to enable secure communication, we need to install the certificates of each component in others. This will facilitate a Secure Socket Layer (SSL). Follow the steps below to implement this.
Generate a key against the keystore of a particular server. For example, server A with an alias and common name that is equal to the hostname.
keytool -genkey -alias <keystore_alias> -keyalg RSA -keysize 2048 -validity 3650 -keystore <keystore_path> -storepass <keystore_password> -keypass <key password> -nopromptExport the public cert of the newly generated key pair.
keytool -export -alias <cert_alias> -file <certificate_path> -keystore <keystore path>>Import the public cert of Server A to the client truststores of all the servers including Server A.
keytool -import -trustcacerts -alias <cert_alias> -file <certificate_path> -keystore <trustore_path> -storepass <keystore_password> -nopromptRepeat the above steps for all the servers.
WSO2 Open Banking Distributed Cache
This is only available as a WSO2 Update from WSO2 Open Banking API Manager Level 2.0.0.125 and WSO2 Open Banking Identity Server 2.0.0.133 onwards. For more information on updating, see Getting WSO2 Updates.
WSO2 Open Banking Distributed Cache is a caching service that creates a clustered cache among one or more WSO2 API Manager or Identity Server instances. Distributed Cache is based on the Hazelcast IMDG library. This cache can be used as a single instance cache as well.
Distribute Cache has two types of network configurations to recognize clustered members:
TCP-IP
Multicast
Configure the deployment.toml file of the instance based on your caching requirements.
<IS_HOME>/repository/conf/deployment.tomlor<APIM_HOME>/repository/conf/deployment.toml
Common configurations
TCP configurations
If open_banking.distributed_cache.discovery_mechanism is set to TCP,
Multicast configurations
If open_banking.distributed_cache.discovery_mechanism is set to Multicast,
Hazelcast property Configurations