问题
So I have https server and I want to make API with this server as back end. What I did was I copied certificate of server pem file and it converted into jks file and save it in
<APIMHome>/repository/resources/security But I couldn't make API in this way. What else should I do make this work ?
this is how convert pem into jks
keytool -import -v -trustcacerts -alias wso2carbon -file myserver.pem -keystore server.jks -storepass wso2carbon
回答1:
Trusted certificates have to be imported to client truststore.
eg: keytool importcert alias clientas keystore client-truststore.jks file clientas.crt
回答2:
- You need to install the certificate to trust store of the apimanger
- after installing that if you get error as javax.net.ssl.SSLException: Host name verification failed for host :
you might get this error seince hostname verification is set to Default. so to overcome this , modify the axis2.xml(https - transportSender) to turn Hostname Verification off as below.
<parameter name="HostnameVerifier">AllowAll</parameter>
回答3:
A certificate is a public key with extra properties (like company name, country,...) that is signed by some Certificate Authority(CA) that garants that the attached properties are true.
Convert you pem file into cer file with
openssl x509 -inform PEM -in myserver.pem -outform DER -out certificate.cer
Then import your certificate into wso2 client-truststore.jks resides in wso2am-1.7.0/repository/resources/security directory
keytool -importcert -file certificate.cer -keystore client-truststore.jks -alias "Alias"
来源:https://stackoverflow.com/questions/27576215/how-backend-https-server-connect-with-wso2-api-manager