Calling a HTTPS secure REST service using a REST Endpoint in BPM - wso2

I can make an HTTP REST call inside a BPM process. How do I make a secure HTTPS call? In Oracle I have to add the certificate to a wallet and then make the call. So how do you do that in WSO2, as it fails if I change the URL from HTTP to HTTPS?

You have to import the certificates to client-truststore as in this documentation.
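One way to carry out the truststore import the answer above describes, as an added example that is not from the original post or from WSO2's documentation. It uses the JDK's `keytool`, refuses to trust a certificate whose SHA-256 fingerprint does not match a value obtained out-of-band, and replaces a stale alias after a backend certificate renewal. The truststore path, password and alias are operator-supplied placeholders, and the sample certificate is constructed.

```shell
#!/usr/bin/env bash
# Added example. Truststore path, store password and alias are placeholders
# supplied by the operator; they are not values taken from the page.
# Usage: import_backend_cert backend.pem backend <truststore> <storepass> <expected_fp>

# SHA-256 fingerprint of a PEM/DER certificate file.
cert_fingerprint() {
  keytool -printcert -file "$1" | awk -F': ' '/SHA-?256:/ {print $2; exit}'
}

# SHA-256 fingerprint of the entry stored under an alias (empty if absent).
alias_fingerprint() {  # truststore storepass alias
  local tmp; tmp=$(mktemp)
  if keytool -exportcert -rfc -keystore "$1" -storepass "$2" -alias "$3" \
       -file "$tmp" >/dev/null 2>&1; then
    cert_fingerprint "$tmp"
  fi
  rm -f "$tmp"
}

# Import the certificate only if its fingerprint equals the value obtained
# out-of-band from the backend owner. An existing entry under the same alias
# (for example the certificate that was just renewed) is replaced.
import_backend_cert() {  # cert_file alias truststore storepass expected_fp
  local fp; fp=$(cert_fingerprint "$1")
  if [ -z "$fp" ] || [ "$fp" != "$5" ]; then
    echo "fingerprint mismatch: $1 not imported" >&2
    return 1
  fi
  if [ -n "$(alias_fingerprint "$3" "$4" "$2")" ]; then
    keytool -delete -keystore "$3" -storepass "$4" -alias "$2" >/dev/null
  fi
  keytool -importcert -noprompt -file "$1" -alias "$2" \
    -keystore "$3" -storepass "$4" >/dev/null 2>&1
}

# Constructed stand-in for a backend certificate (self-signed, made-up CN),
# so the functions above can be exercised without a real server.
make_sample_cert() {  # out_dir
  keytool -genkeypair -alias backend -keyalg RSA -keysize 2048 -validity 30 \
    -dname "CN=backend.example.test" -storetype PKCS12 \
    -keystore "$1/backend.p12" -storepass changeit -keypass changeit \
    >/dev/null 2>&1
  keytool -exportcert -rfc -alias backend -keystore "$1/backend.p12" \
    -storepass changeit -file "$1/backend.pem" >/dev/null 2>&1
}
```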

Related

Is there a way to disable SSL verification on wso2 api manager gateway while calling backend api

I am getting SSL errors whenever SSL certificates on backend are updated. Is there a way to disable the SSL verification in wso2 api manager gateway?

It is not recommended to disable SSL verification for an HTTPS endpoint. It is mandatory to import the backend certificate to the client-truststore file. It is better to use an HTTP endpoint instead of an HTTPS endpoint in these kinds of scenarios.

WSO2 implement only HTTP service

How to publish only Http service from WSO2AM?
I am receiving an empty response from the server when I access WSO2AM service from my client.
This is what I am setting for HTTP. Service is working using HTTPS but that is not desired.

Is having an endpoint at http: a security risk for the Web Service

I have generated a JAX-WS web service with RAD 8.5 which automatically generated an endpoint for the service at "http:endpoint". I generated a client for the web service from the WSDL and added transport security (SSL) to the web service and added a secure endpoint using the following line of code in my client:
proxy._getDescriptor().setEndpoint("https:endpoint");
Everything seems to work fine. My question is do I need to do anything about the existence of the original endpoint at "http:endpoint". This is an in-house web service so all of the apps which use it in house will use the secure endpoint, but is the availability of the unsecure endpoint a security risk for the web service? If so, what do I need to do to fix it? Any help would be appreciated.
I am not familiar with the Framework you are using, but there should be a configuration in your proxy to not allow http calls at all. If you have that option, turn it on so that your service only listens on port 443 (secure port).
An alternative would be to rewrite all http requests with https.

Can a USSD gateway ignore untrusted certificate errors?

I have a web service installed on Tomcat. I am using HTTPs to call the web service using a self-signed certificate. Calling this web service through HTTPs from PHP (curl) works fine and I get a normal response.
However, when the same HTTPs is sent to a USSD gateway, it does not return any response. It does with the normal HTTP requests.
I am not familiar with the gateway or its implementation. I only wrote the web service to be called but is there a way that the gateway can ignore the "untrusted certificate error" and proceed to send the HTTPs request to the Tomcat server?
Thanks.

WSO2 ESB: Usage of https client certificate in mediation

I was planning the following setup:
A proxy service in WSO2 ESB that interacts with a backend service via JMS.
Proxy service clients connect to the WSO2 ESB using https with mutual authentication.
Within the proxy service mediators, information from the client's certificate is needed.
Is there some way the client certificate could be made available to mediators?
You do not need to provide client certificates at mediator level. Mediators are put together in a pipes & filter chain, and it is the endpoint at the end that connects to the back-end and it is at the endpoint level, you have to secure it. The blog post on How to invoke secured backend service using WSO2 ESB shows how to achieve this.

First you have to enable mutual authentication in WSO2 ESB. If you do not know how to do that, please refer to Enable Mutual SSL for Proxy services in WSO2ESB. Then refer to the following blog post to know how to get client's certificate in class mediator