
Similar to the HTTP transport, the HTTPS transport consists of a receiver implementation, which comes from the Carbon core component, and a sender implementation, which comes from the Tomcat HTTP connector. In fact, this transport uses exactly the same transport sender implementation as the HTTP transport. This transport is shipped with WSO2 Carbon and all WSO2 Carbon-based products, and all of them except WSO2 ESB use it as the default transport. By default, we use the non-blocking Tomcat Java connector, org.apache.coyote.http11.Http11NioProtocol.

Although the axis2.xml file contains configurations for HTTP/S transports by default, they are not used by WSO2 products. Instead, the products use the HTTP/S transport configurations at the Tomcat level; therefore, changing the HTTP/S configurations in the axis2.xml file has no effect.

The HTTPS servlet transport should be configured in the <PRODUCT_HOME>/repository/conf/tomcat/catalina-server.xml file, in the same way as the HTTP servlet transport. The transport class that should be specified in the catalina-server.xml file is as follows: <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"/>

Transport connector parameters

In addition to the configuration parameters supported by the HTTP servlet transport, HTTPS servlet transport supports the following configuration parameters:

In the transport parameter tables, the literals displayed in italics under the "Possible Values" column should be considered as fixed literal constant values. Those values can be directly put in transport configurations.

| Parameter Name | Description | Possible Values | Default Value |
|---|---|---|---|
| sslProtocol | Transport level security protocol to be used. | TLS, SSL | TLS |
| enableLookups | Set to true if you want calls to request.getRemoteHost() to perform DNS lookups in order to return the actual host name of the remote client. Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance). | true, false | |
| clientAuth | Set to true if you want the SSL stack to require a valid certificate chain from the client before accepting a connection. Set to want if you want the SSL stack to request a client Certificate, but not fail if one isn't presented. A false value (which is the default) will not require a certificate chain unless the client requests a resource protected by a security constraint that uses CLIENT-CERT authentication. | true, false | |
| scheme | Set this attribute to the name of the protocol you wish to have returned by calls to request.getScheme(). | http, https | |
| secure | Set this attribute to true if you wish to have calls to request.isSecure() to return true for requests received by this Connector. You would want this on an SSL Connector or a non SSL connector that is receiving data from a SSL accelerator, like a crypto card, a SSL appliance or even a webserver. | true, false | |
| SSLEnabled | Use this attribute to enable SSL traffic on a connector. To turn on SSL handshake/encryption/decryption on a connector set this value to true. When turning this value true you will want to set the scheme and the secure attributes as well to pass the correct request.getScheme() and request.isSecure() values to the servlets. For more information, see SSL Support. | true, false | |
| keystoreFile | Path to the keystore which should be used for encryption/decryption. | A valid file path to a keystore file | |
| keypass | Password to access the specified keystore. | A valid password | |

Similar to the servlet HTTP transport, this transport is also based on Apache Tomcat's connector implementation. For a complete list of supported parameters, see Tomcat connector configuration reference. 
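The following added example (not part of the original WSO2 documentation or product code) checks every SSL-enabled connector in a catalina-server.xml document against the parameter descriptions above: SSLEnabled paired with scheme and secure, sslProtocol left at TLS, and a keystoreFile present. The function name audit_connectors, the sample XML, the port numbers and the keystore path are constructed for illustration, and treating sslProtocol="SSL" as a finding is this example's own policy.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real product file: two HTTPS connectors using
# only the attributes described in the table above, plus Tomcat's port.
SAMPLE = """
<Server>
  <Service name="Catalina">
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="9443" SSLEnabled="true" scheme="https" secure="true"
               sslProtocol="TLS" clientAuth="want"
               keystoreFile="/path/to/keystore.jks"/>
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="9444" SSLEnabled="true" scheme="http"
               sslProtocol="SSL"/>
  </Service>
</Server>
"""

def audit_connectors(xml_text):
    """Return {port: [findings]} for every SSLEnabled connector."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, outside this page's scope
        findings = []
        # SSLEnabled should be paired with scheme and secure so servlets see
        # correct request.getScheme() / request.isSecure() values.
        if conn.get("scheme", "http") != "https":
            findings.append("scheme is not https")
        if conn.get("secure", "false").lower() != "true":
            findings.append("secure is not true")
        # TLS is the documented default; flagging SSL is this example's policy.
        if conn.get("sslProtocol", "TLS").upper().startswith("SSL"):
            findings.append("sslProtocol selects SSL rather than TLS")
        if not conn.get("keystoreFile"):
            findings.append("keystoreFile is not set")
        # clientAuth: true = require cert, want = request only, false = default.
        if conn.get("clientAuth", "false").lower() not in ("true", "want", "false"):
            findings.append("clientAuth has an unknown value")
        report[conn.get("port", "?")] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE).items():
        print(port, "OK" if not findings else "; ".join(findings))
```

Because the function iterates over every Connector element, it also covers files that define multiple HTTPS connectors.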

Defining multiple Tomcat connectors

You have the option of defining multiple HTTPS connectors in the catalina-server.xml file in the same way as for HTTP connectors. See HTTP servlet transport for more information.
