WSO2 ESB uses a truststore for SSL communication and a keystore-truststore pair for mutual SSL communication.
Here I have used a truststore for SSL communication.
Configure App Server as backend
Configure backend :
1. Use app server as backend
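2. Create a new keystore in the App Server under <Appserver_Home>/repository/resources/security. The 1024-bit RSA key in the command below is only suitable for a test setup; use 2048 bits or more otherwise.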
keytool -genkey -alias appserver -keyalg RSA -keysize 1024 -keypass password -keystore appserver.jks -storepass password
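3. Export the certificate to a file with the following command. Without the -rfc option keytool writes binary DER, so the file is DER despite its .pem name; keytool -import reads either format.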
keytool -export -alias appserver -keystore appserver.jks -storepass password -file appserver.pem
4. Edit carbon.xml in the App Server as below:
<KeyStore>
    <!-- Keystore file location-->
    <Location>${carbon.home}/repository/resources/security/appserver.jks</Location>
    <!-- Keystore type (JKS/PKCS12 etc.)-->
    <Type>JKS</Type>
    <!-- Keystore password-->
    <Password>password</Password>
    <!-- Private Key alias-->
    <KeyAlias>appserver</KeyAlias>
    <!-- Private Key password-->
    <KeyPassword>password</KeyPassword>
</KeyStore>
Configure ESB :
1. Create a new keystore.
keytool -genkey -alias esb -keyalg RSA -keysize 1024 -keypass password -keystore esb.jks -storepass password
2. Copy appserver.pem into the <ESB_HOME>/repository/resources/security folder, then import it into esb.jks with the following command.
keytool -import -alias appservernewesb -file appserver.pem -keystore esb.jks -storepass password
3. Configure the ESB with a custom SSL profile in axis2.xml as below.
<parameter name="customSSLProfiles">
    <profile>
        <servers>10.100.0.31:9443</servers>
        <TrustStore>
            <Location>repository/resources/security/esb.jks</Location>
            <Type>JKS</Type>
            <Password>password</Password>
        </TrustStore>
    </profile>
</parameter>
Invoke and Test :
1. Restart the App Server (offset=0) and the ESB (offset=10) with the command
"sh wso2server.sh", or with "sh wso2server.sh -Djavax.net.debug=ssl:handshake" to view the detailed logs.
The following logs should be printed during the restart.
[2015-04-27 18:33:19,397] INFO - ClientConnFactoryBuilder HTTPS Loading Identity Keystore from : repository/resources/security/wso2carbon.jks
[2015-04-27 18:33:19,400] INFO - ClientConnFactoryBuilder HTTPS Loading Trust Keystore from : repository/resources/security/client-truststore.jks
[2015-04-27 18:33:19,408] INFO - ClientConnFactoryBuilder HTTPS Loading custom SSL profiles for the HTTPS sender
[2015-04-27 18:33:19,408] INFO - ClientConnFactoryBuilder HTTPS Loading Trust Keystore from : repository/resources/security/esb.jks
[2015-04-27 18:33:19,409] INFO - ClientConnFactoryBuilder HTTPS Custom SSL profiles initialized for 1 servers
2. Create the proxy below in the ESB.
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="SecureHello"
       transports="https,http"
       statistics="disable"
       trace="disable"
       startOnLoad="true">
    <target>
        <outSequence>
            <send/>
        </outSequence>
        <endpoint>
            <address uri="https://localhost:9443/services/HelloService/"/>
        </endpoint>
    </target>
    <publishWSDL uri="http://localhost:9763/services/HelloService?wsdl"/>
    <description/>
</proxy>
3. Invoke the Proxy.
<body>
    <p:greet xmlns:p="http://www.wso2.org/types">
        <!--0 to 1 occurrence-->
        <name>ushani</name>
    </p:greet>
</body>
The following response will be received.
<ns:greetResponse xmlns:ns="http://www.wso2.org/types">
    <return>Hello World, ushani !!!</return>
</ns:greetResponse>