Enabling Mutual SSL between WSO2 ESB and Tomcat
Import Tomcat's public key to ESB's TrustStore
First we need to create a key-store for Tomcat. To do that, execute the following:
keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 -keystore tomcatKeystore.jks
Export the public key certificate from Tomcat's key-store:
keytool -export -alias tomcat -keystore tomcatKeystore.jks -file tomcatCert.cer
Import the exported Tomcat public key into ESB's trust-store. Pass the trust-store with -keystore (the path below is a placeholder); without it, keytool imports into the default key-store in your home directory:
keytool -import -alias tomcat -file tomcatCert.cer -keystore <path/to/ESB-truststore.jks>
Import ESB's public key to Tomcat TrustStore
Export the public key certificate from ESB's key-store (the default key alias in wso2carbon.jks is wso2carbon):
keytool -export -alias wso2carbon -keystore <ESB_HOME>/repository/resources/security/wso2carbon.jks -file wso2carbon.cer
Import the exported ESB public key into Tomcat's trust-store:
keytool -import -alias tomcat -file wso2carbon.cer -keystore tomcatTrustStore.jks
Enable SSL in ESB
In the <ESB_HOME>/repository/conf/axis2/axis2.xml file, uncomment the following property in the "<transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">" block.
<parameter name="SSLVerifyClient">require</parameter>
Enable SSL in Tomcat
We need to enable the HTTPS port in Tomcat. By default it is commented out. Hence modify <Tomcat_Home>/conf/server.xml as follows, pointing it to the key-store and trust-store. clientAuth is set to "true" so that Tomcat requires a client certificate, which mutual SSL depends on.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLS"
           connectionTimeout="20000" redirectPort="8443"
           keyAlias="tomcat"
           keystoreFile="path/to/tomcatKeystore.jks" keystorePass="tomcat" keystoreType="JKS"
           truststoreFile="path/to/tomcatTrustStore.jks" truststorePass="tomcat" truststoreType="JKS" />
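The following Python script is an added example, not part of the original post. It audits the two settings this procedure depends on: the SSLVerifyClient parameter of the ESB https receiver in axis2.xml, and the clientAuth, keystoreFile and truststoreFile attributes of Tomcat's SSL connector in server.xml. The XML samples are constructed, and the function names audit_tomcat and audit_esb are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from a real deployment).
TOMCAT_WEAK = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="path/to/tomcatKeystore.jks" keystorePass="tomcat"/>
</Service></Server>"""
TOMCAT_MUTUAL = TOMCAT_WEAK.replace('clientAuth="false"', 'clientAuth="true"').replace(
    'keystorePass="tomcat"/>',
    'keystorePass="tomcat" truststoreFile="path/to/tomcatTrustStore.jks"/>')
ESB_RECEIVER = """<axisconfig>
  <transportReceiver name="https"
      class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">
    %s
  </transportReceiver>
</axisconfig>"""
ESB_COMMENTED = ESB_RECEIVER % '<!-- <parameter name="SSLVerifyClient">require</parameter> -->'
ESB_MUTUAL = ESB_RECEIVER % '<parameter name="SSLVerifyClient">require</parameter>'


def audit_tomcat(server_xml):
    """Return findings for every SSL-enabled <Connector> in server.xml."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, out of scope
        port = conn.get("port", "?")
        # "want" only requests a certificate; only "true" requires one.
        if conn.get("clientAuth", "false").lower() != "true":
            findings.append(f"port {port}: clientAuth is not 'true', client certificate not required")
        for attr in ("keystoreFile", "truststoreFile"):
            if not conn.get(attr):
                findings.append(f"port {port}: {attr} is not set")
    return findings


def audit_esb(axis2_xml):
    """Return findings for the https transportReceiver in axis2.xml."""
    findings = []
    for recv in ET.fromstring(axis2_xml).iter("transportReceiver"):
        if recv.get("name") != "https":
            continue
        # ElementTree drops XML comments, so a commented-out parameter is not found.
        values = [(p.text or "").strip() for p in recv.iter("parameter")
                  if p.get("name") == "SSLVerifyClient"]
        if values != ["require"]:
            findings.append(f"https receiver: SSLVerifyClient is {values or 'unset'}, expected 'require'")
    return findings
```

To audit a real installation, read <Tomcat_Home>/conf/server.xml and <ESB_HOME>/repository/conf/axis2/axis2.xml and pass their contents to the two functions.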