This documentation is for WSO2 Enterprise Service Bus version 4.8.0. View documentation for the latest release.


The ESB uses a trust store and a keystore for its SSL protocol implementation. The Multi-HTTPS transport is similar to the HTTPS-NIO Transport, but it allows you to have different SSL profiles, each with its own trust store and keystore, for different hosts using the same ESB. The ESB can listen on different host IPs and ports for incoming HTTPS connections, and each IP/port has a separate SSL profile configured.

The receiver class is named as follows:

org.apache.synapse.transport.nhttp.HttpCoreNIOMultiSSLListener

The sender class is named as follows:

org.apache.synapse.transport.nhttp.HttpCoreNIOMultiSSLSender

Enabling the transport

You enable the Multi-HTTPS transport by adding the following configuration to <ESB_HOME>/repository/conf/Axis2/axis2.xml.

<transportReceiver name="multi-https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOMultiSSLListener">
        <parameter name="port">8343</parameter>
        <parameter name="non-blocking">true</parameter>
        <parameter name="SSLProfiles">
            <profile>
                <bindAddress>192.168.1.2</bindAddress>
                <KeyStore>
                    <Location>/path/to/testhost1.p12</Location>
                    <Type>PKCS12</Type>
                    <Password>test</Password>
                    <KeyPassword>test</KeyPassword>
                </KeyStore>
            </profile>
            <profile>
                <bindAddress>192.168.1.3</bindAddress>
                <KeyStore>
                    <Location>/path/to/testhost2.p12</Location>
                    <Type>PKCS12</Type>
                    <Password>test</Password>
                    <KeyPassword>test</KeyPassword>
                </KeyStore>
            </profile>
            <profile>
                <bindAddress>192.168.1.4</bindAddress>
                <KeyStore>
                    <Location>/path/to/testhost3.p12</Location>
                    <Type>PKCS12</Type>
                    <Password>test</Password>
                    <KeyPassword>test</KeyPassword>
                </KeyStore>
                <TrustStore>
                    <Location>/path/to/testtrust.jks</Location>
                    <Type>JKS</Type>
                    <Password>nopassword</Password>
                </TrustStore>
                <SSLVerifyClient>require</SSLVerifyClient>
            </profile>
        </parameter>
</transportReceiver>
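
An added example, not part of the WSO2 documentation: a small Python audit of an SSLProfiles parameter like the one above. It reports duplicate bind addresses, profiles that do not require a client certificate, and placeholder keystore passwords such as the sample values `test` and `nopassword`. The embedded XML is a constructed, shortened copy of the configuration, and the function name and password deny-list are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, cut down from the SSLProfiles parameter on this page.
SAMPLE = """
<parameter name="SSLProfiles">
  <profile>
    <bindAddress>192.168.1.2</bindAddress>
    <KeyStore><Location>/path/to/testhost1.p12</Location><Type>PKCS12</Type>
      <Password>test</Password><KeyPassword>test</KeyPassword></KeyStore>
  </profile>
  <profile>
    <bindAddress>192.168.1.4</bindAddress>
    <KeyStore><Location>/path/to/testhost3.p12</Location><Type>PKCS12</Type>
      <Password>test</Password><KeyPassword>test</KeyPassword></KeyStore>
    <TrustStore><Location>/path/to/testtrust.jks</Location><Type>JKS</Type>
      <Password>nopassword</Password></TrustStore>
    <SSLVerifyClient>require</SSLVerifyClient>
  </profile>
</parameter>
"""

# Assumption: a local deny-list of placeholder passwords; extend it for your site.
PLACEHOLDER_PASSWORDS = {"test", "nopassword", "password", "changeit", "wso2carbon"}


def audit_profiles(xml_text):
    """Return a sorted list of (bindAddress, finding) for an SSLProfiles element."""
    findings, seen = [], set()
    for profile in ET.fromstring(xml_text).iter("profile"):
        addr = (profile.findtext("bindAddress") or "").strip() or "<missing bindAddress>"
        if addr in seen:
            findings.append((addr, "duplicate bindAddress"))
        seen.add(addr)
        verify = (profile.findtext("SSLVerifyClient") or "").strip().lower()
        if verify != "require":
            findings.append((addr, "client certificate not required"))
        elif profile.find("TrustStore") is None:
            findings.append((addr, "SSLVerifyClient=require without TrustStore"))
        for tag in ("KeyStore/Password", "KeyStore/KeyPassword", "TrustStore/Password"):
            value = (profile.findtext(tag) or "").strip()
            if value.lower() in PLACEHOLDER_PASSWORDS:
                findings.append((addr, f"placeholder password in {tag}"))
    return sorted(findings)


if __name__ == "__main__":
    for addr, finding in audit_profiles(SAMPLE):
        print(f"{addr}: {finding}")
```

Run it against the real parameter before deployment; a "client certificate not required" finding is informational for profiles that are meant to serve one-way SSL.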

Synchronizing the profiles in a cluster

If you are running in a clustered environment and want your SSL profiles to be synchronized across the cluster nodes, you can move the SSLProfiles parameter from axis2.xml to <ESB_HOME>/repository/deployment/server/multi_ssl_profiles.xml. You then add the SSLProfilesConfigPath parameter to the Multi-HTTPS transport receiver configuration in axis2.xml and point to the new destination of the configuration.

For example, the Multi-HTTPS transport configuration in axis2.xml will now look like this:

<transportReceiver name="multi-https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOMultiSSLListener">
        <parameter name="port">8343</parameter>
        <parameter name="non-blocking">true</parameter>
        <parameter name="SSLProfilesConfigPath">
           <filePath>/repository/deployment/server/multi_ssl_profiles.xml</filePath>
        </parameter>
</transportReceiver>

To synchronize this configuration between two ESB nodes, you must enable ESB clustering and the SVN-Based Deployment Synchronizer. For more information, see Introduction to Deployment Synchronizer. The directory <ESB_HOME>/repository/deployment/server will then be synchronized across the ESB nodes when they run in a clustered environment. If you change the multi_ssl_profiles.xml file, you must manually reload it on each ESB node by invoking the reloadSSLProfileConfig operation of the org.apache.synapse.MultiSSLProfileReload MBean in JConsole. For more information, see Monitoring the ESB.
