This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Multi-HTTPS Transport
The product uses a trust store and a key store for SSL protocol implementation. The Multi-HTTPS transport is similar to the HTTPS-NIO Transport, but it allows you to have different SSL profiles with separate trust stores and key stores for different hosts using the same product instance. The product can listen to different host IPs and ports for incoming HTTPS connections, and each IP/Port will have a separate SSL profile configured.
The receiver class is named as follows:
org.apache.synapse.transport.nhttp.HttpCoreNIOMultiSSLListener
The sender class is named as follows:
org.apache.synapse.transport.nhttp.HttpCoreNIOMultiSSLSender
Enabling the transport
You enable the Multi-HTTPS transport by adding the following configuration to <PRODUCT_HOME>/repository/conf/Axis2/axis2.xml.
<transportReceiver name="multi-https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOMultiSSLListener">
    <parameter name="port">8343</parameter>
    <parameter name="non-blocking">true</parameter>
    <parameter name="SSLProfiles">
        <profile>
            <bindAddress>192.168.1.2</bindAddress>
            <KeyStore>
                <Location>/path/to/testhost1.p12</Location>
                <Type>PKCS12</Type>
                <Password>test</Password>
                <KeyPassword>test</KeyPassword>
            </KeyStore>
        </profile>
        <profile>
            <bindAddress>192.168.1.3</bindAddress>
            <KeyStore>
                <Location>/path/to/testhost2.p12</Location>
                <Type>PKCS12</Type>
                <Password>test</Password>
                <KeyPassword>test</KeyPassword>
            </KeyStore>
        </profile>
        <profile>
            <bindAddress>192.168.1.4</bindAddress>
            <KeyStore>
                <Location>/path/to/testhost3.p12</Location>
                <Type>PKCS12</Type>
                <Password>test</Password>
                <KeyPassword>test</KeyPassword>
            </KeyStore>
            <TrustStore>
                <Location>/path/to/testtrust.jks</Location>
                <Type>JKS</Type>
                <Password>nopassword</Password>
            </TrustStore>
            <SSLVerifyClient>require</SSLVerifyClient>
        </profile>
    </parameter>
</transportReceiver>
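The following Python check is an added example, not part of the WSO2 documentation. It reads a receiver element like the one above and reports, per bind address, which profiles verify client certificates. The sample XML is constructed, and the two flagged conditions (a bind address claimed by more than one profile, client verification with no trust store in the same profile) are local review rules assumed here, not documented product behaviour.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample, shortened from the receiver configuration on this page.
SAMPLE = """<transportReceiver name="multi-https"
    class="org.apache.synapse.transport.nhttp.HttpCoreNIOMultiSSLListener">
  <parameter name="port">8343</parameter>
  <parameter name="SSLProfiles">
    <profile>
      <bindAddress>192.168.1.2</bindAddress>
      <KeyStore><Location>/path/to/testhost1.p12</Location><Type>PKCS12</Type></KeyStore>
    </profile>
    <profile>
      <bindAddress>192.168.1.4</bindAddress>
      <KeyStore><Location>/path/to/testhost3.p12</Location><Type>PKCS12</Type></KeyStore>
      <TrustStore><Location>/path/to/testtrust.jks</Location><Type>JKS</Type></TrustStore>
      <SSLVerifyClient>require</SSLVerifyClient>
    </profile>
    <profile>
      <bindAddress>192.168.1.4</bindAddress>
      <KeyStore><Location>/path/to/testhost3.p12</Location><Type>PKCS12</Type></KeyStore>
      <SSLVerifyClient>require</SSLVerifyClient>
    </profile>
  </parameter>
</transportReceiver>"""

def _text(elem, path):
    """Stripped text of a child element, or '' when it is absent or empty."""
    return (elem.findtext(path) or "").strip()

def audit_profiles(xml_text):
    """Return (rows, findings) for the <profile> entries under SSLProfiles."""
    root = ET.fromstring(xml_text)
    profiles = root.findall("./parameter[@name='SSLProfiles']/profile")
    seen = Counter(_text(p, "bindAddress") for p in profiles)
    rows, findings = [], []
    for i, p in enumerate(profiles, 1):
        addr, key = _text(p, "bindAddress"), _text(p, "KeyStore/Location")
        verify, trust = _text(p, "SSLVerifyClient").lower(), _text(p, "TrustStore/Location")
        rows.append((addr, key, verify or "not set", trust or None))
        if not key:
            findings.append(f"profile {i} ({addr}): no KeyStore location")
        if seen[addr] > 1:  # assumed rule: one profile per bind address
            findings.append(f"profile {i} ({addr}): bindAddress used by {seen[addr]} profiles")
        if verify and not trust:  # assumed rule: client verification needs its own trust store
            findings.append(f"profile {i} ({addr}): SSLVerifyClient={verify} but no TrustStore")
    return rows, findings

if __name__ == "__main__":
    for line in audit_profiles(SAMPLE)[1]:
        print(line)
```

The rows also make it easy to see which listeners accept any client: a profile whose third field is "not set" does no client-certificate verification.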
Synchronizing the profiles in a cluster
If you are running in a clustered environment and want your SSL profiles to be synchronized across the cluster nodes, you can move the SSLProfiles parameter from axis2.xml to <PRODUCT_HOME>/repository/deployment/server/multi_ssl_profiles.xml. You then add the SSLProfilesConfigPath parameter to the Multi-HTTPS transport receiver configuration in axis2.xml and point to the new destination of the configuration.
For example, the Multi-HTTPS transport configuration in axis2.xml will now look like this:
<transportReceiver name="multi-https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOMultiSSLListener">
    <parameter name="port">8343</parameter>
    <parameter name="non-blocking">true</parameter>
    <parameter name="SSLProfilesConfigPath">
        <filePath>/repository/deployment/server/multi_ssl_profiles.xml</filePath>
    </parameter>
</transportReceiver>
To synchronize this configuration between two product nodes, you must enable clustering and the SVN-Based Deployment Synchronizer. For more information, see Introduction to Deployment Synchronizer. The directory <PRODUCT_HOME>/repository/deployment/server will then be synchronized on the product nodes when they are run in a clustered environment. If you change the multi_ssl_profiles.xml file, you must manually reload it into each node by invoking the reloadSSLProfileConfig operation in the org.apache.synapse.MultiSSLProfileReload MBean in JConsole.