certificate https endpoint in wso2 esb

Question

in wso2 esb i want to add a https proxy service and but when in define proxy service in specity source url use https://... in test url get error :

Invalid WSDL URI (Unable to establish a connection)

and in next step in definr endpoint use of an endpoint https:// ... this error apear :

Unable to validate SSL Certificate of https://....

i try to certificate a crt file and in my https proxy service in wso2\repository\resources\security\client-truststore.jks with keytool

%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

and enable https transport sender and recsiever in axis2.xml but my problem do not solve.

Answer 1

I guess, you are trying to connect to a HTTPS endpoint using proxy service. Here you want to import the endpoint server's certificate chain in the the "client-truststore.jks" flie and restart the server. However; by default HTTPS transport sender and receiver are enabled. You may not need to enable them.

But few things to remember..

1. In transport sender, if you do NOT want to verify the host name of the end point server with its certificate, Please configure "HostnameVerifier" property to "AllowAll". If not, if your end point server's IP and certificate CN are not matched, It would create some errors.

2. If end point server's certificate is a self signed on, you can just import the server's certificate. If it is a CA singed on, You need to import all the CA certificate chain. (However most common CA certificates can be found in the "client-truststore.jks" file)

3. If you want to change the trust store or key store files, you can do it using transport sender configurations. By default trust store file is "client-truststore.jks" Also, if you did any changes to axis2.xml file or key stores, Please restart the server.

Also If you want to expose your proxy service using SSL, you need to enable the "https" in the proxy service. And then your client needs to user ESB server's certificate to call the proxy service.