Enabling Mutual SSL between WSO2 ESB and Tomcat

Import Tomcat's public key to ESB's TrustStore

First we need to create a key-store for Tomcat. To do that, execute the following:
keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore tomcatKeystore.jks

Export the public key certificate from Tomcat's key-store:
keytool -export -alias tomcat -keystore tomcatKeystore.jks -file tomcatCert.cer

Import the exported Tomcat certificate into the ESB's trust-store:
keytool -import -alias tomcat -file tomcatCert.cer -keystore <ESB_HOME>/repository/resources/security/client-truststore.jks


Import ESB's public key to Tomcat's TrustStore

Export the public key certificate from the ESB's key-store:
keytool -export -alias wso2carbon -keystore <ESB_HOME>/repository/resources/security/wso2carbon.jks -file wso2carbon.cer

Import the exported ESB certificate into Tomcat's trust-store. (Here we create a new trust-store for Tomcat.)
keytool -import -alias wso2carbon -file wso2carbon.cer -keystore tomcatTrustStore.jks


Enable SSL in ESB

In the <ESB_HOME>/repository/conf/axis2/axis2.xml file, uncomment the following parameter in the <transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener"> block:
<parameter name="SSLVerifyClient">require</parameter>



Enable SSL in Tomcat

We need to enable the HTTPS port in Tomcat. By default it is commented out. Modify <Tomcat_Home>/conf/server.xml as follows, pointing it at the key-store and trust-store. clientAuth must be "true" for Tomcat to require a client certificate and validate it against the trust-store.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLS"
           connectionTimeout="20000"
           redirectPort="8443"
           keyAlias="tomcat"
           keystoreFile="path/to/tomcatKeystore.jks"
           keystorePass="tomcat"
           keystoreType="JKS"
           truststoreFile="path/to/tomcatTrustStore.jks"
           truststorePass="tomcat"
           truststoreType="JKS" />
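
A quick check that an HTTPS connector in server.xml really enforces client certificates, shown as an added example that is not part of the original post. The two server.xml fragments are constructed samples and the function name audit_connectors is hypothetical; the attribute names and the clientAuth values (true, want, false) are Tomcat's.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment: HTTPS connector that does NOT enforce client certs.
WEAK = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="path/to/tomcatKeystore.jks" keystorePass="tomcat"
             truststoreFile="path/to/tomcatTrustStore.jks" truststorePass="tomcat" />
</Service></Server>"""

# Same constructed fragment with client-certificate authentication required.
FIXED = WEAK.replace('clientAuth="false"', 'clientAuth="true"')


def audit_connectors(server_xml):
    """Return (port, finding) tuples for SSL connectors that do not enforce mutual SSL."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, out of scope for this check
        port = conn.get("port", "?")
        # Tomcat treats a missing clientAuth attribute as "false".
        client_auth = conn.get("clientAuth", "false").lower()
        if client_auth == "false":
            findings.append((port, "clientAuth=false: no client certificate is requested"))
        elif client_auth == "want":
            findings.append((port, "clientAuth=want: client certificate is optional"))
        if not conn.get("keystoreFile"):
            findings.append((port, "keystoreFile missing: falls back to the default keystore"))
        if not conn.get("truststoreFile"):
            findings.append((port, "truststoreFile missing: falls back to javax.net.ssl.trustStore"))
    return findings


if __name__ == "__main__":
    for label, xml_text in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit_connectors(xml_text) or "mutual SSL enforced")
```
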
