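I am using WSO2 APIM 2.6.0 with the default database configuration, which uses H2, and other default settings. I have been a user of APIM 2.5.0, where this worked fine.
However, for the APIs I created in APIM 2.5.0, we need to install the SSL certificate of the backend server.
From reading the documentation [https://docs.wso2.com/display/AM260/Dynamic+SSL+Certificate+Installation] and [https://docs.wso2.com/display/AM260/RESTful+APIs], I understand that in 2.6.0 a new SSL certificate can be added to the APIM client truststore using the REST API.
I have tested it and it seems to work fine (adding the certificate using the REST API). Once you add the certificate, it seems it has to be loaded to the gateway nodes, which happens every 10 minutes (by default; it can be changed as required in the axis2.xml file).
However, even after the certificate is added to the client-truststore, when I click the endpoint test button in API Publisher, it shows 'Invalid Endpoint.'. The certificate still does not seem to be loaded, even though there are logs like the following: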
TID: [-1234] [] [2019-09-18 14:44:51,302] INFO {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - Certificate is successfully added to the Publisher client Trust Store with Alias 'devcertificate' {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl}
TID: [-1234] [] [2019-09-18 14:44:51,341] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin@carbon.super [-1234]' logged in at [2019-09-18 14:44:51,341+0000] {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
TID: [-1234] [] [2019-09-18 14:44:51,365] INFO {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - The Alias 'devcertificate' exists in the Gateway Trust Store. {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl}
TID: [-1234] [] [2019-09-18 14:44:51,365] INFO {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - The Transport Sender will be re-initialized in few minutes. {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl}
TID: [-1234] [] [2019-09-18 14:44:51,365] INFO {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - The certificate with Alias 'devcertificate' is successfully added to the Gateway Trust Store. {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl}
TID: [-1] [] [2019-09-18 14:49:12,582] INFO {org.wso2.andes.kernel.disruptor.inbound.InboundDBSyncRequestEvent} - Running DB sync task. {org.wso2.andes.kernel.disruptor.inbound.InboundDBSyncRequestEvent}
TID: [-1] [] [2019-09-18 14:53:28,348] INFO {org.apache.synapse.transport.passthru.PassThroughHttpSSLSender} - PassThroughHttpSender reloading SSL Config.. {org.apache.synapse.transport.passthru.PassThroughHttpSSLSender}
TID: [-1] [] [2019-09-18 14:53:28,352] INFO {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder} - customSSLProfiles configuration is loaded from path: /opt/new/test/apim/fresh/usr/lib/wso2/wso2am/2.6.0/repository/resources/security/sslprofiles.xml {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder}
TID: [-1] [] [2019-09-18 14:53:28,352] INFO {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder} - HTTPS Loading custom SSL profiles for the HTTPS sender {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder}
TID: [-1] [] [2019-09-18 14:53:28,358] INFO {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder} - HTTPS Custom SSL profiles initialized for 1 servers {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder}
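TID: [-1] [] [2019-09-18 14:53:28,358] INFO {org.apache.synapse.transport.passthru.PassThroughHttpSSLSender} - Pass-through HTTPS Sender updated with Dynamic Configuration Updates ... {org.apache.synapse.transport.passthru.PassThroughHttpSSLSender}
So my question here is: do we have to restart the server for the certificate added to the client truststore to take effect and work? Or, as per the documentation, after 10 minutes, once the certificate is loaded to the gateway nodes, is the certificate reflected without restarting the server, so that communication with the backend server can take place? Am I missing something?
Can anyone help me?
Thanks
Posted on 2019-09-19 14:31:07
Are there multiple nodes here? When a dynamic SSL certificate is uploaded through the Publisher console, it is added to /repository/resources/security/sslprofiles.xml and /repository/resources/security/client-truststore.jks on the current node. However, if the setup is clustered, these two files need to be synchronized between the nodes to update these dynamically added certificates, as mentioned in the doc.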
https://stackoverflow.com/questions/57997120
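To check on a single node whether a dynamically added certificate has been picked up by the HTTPS sender, the add and reload messages in the question's log can be correlated by timestamp. The following is an added example, not part of the original question or answer; the function name `reload_status` is hypothetical, and the message strings it matches are the ones shown in the log above.

```python
import re
from datetime import datetime

# Log lines shortened from the question's carbon log (trailing class name dropped).
SAMPLE_LOG = """\
TID: [-1234] [] [2019-09-18 14:44:51,365] INFO {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - The certificate with Alias 'devcertificate' is successfully added to the Gateway Trust Store.
TID: [-1] [] [2019-09-18 14:49:12,582] INFO {org.wso2.andes.kernel.disruptor.inbound.InboundDBSyncRequestEvent} - Running DB sync task.
TID: [-1] [] [2019-09-18 14:53:28,348] INFO {org.apache.synapse.transport.passthru.PassThroughHttpSSLSender} - PassThroughHttpSender reloading SSL Config..
TID: [-1] [] [2019-09-18 14:53:28,358] INFO {org.apache.synapse.transport.passthru.PassThroughHttpSSLSender} - Pass-through HTTPS Sender updated with Dynamic Configuration Updates ...
"""

# TID, tenant, timestamp, level, logger class, message
LINE_RE = re.compile(r"^TID: \[[^\]]*\] \[[^\]]*\] \[([^\]]+)\] +\w+ +\{([^}]+)\} - (.*)$")
ADDED_RE = re.compile(r"certificate with Alias '([^']+)' is successfully added to the Gateway Trust Store")
RELOADED = "Pass-through HTTPS Sender updated with Dynamic Configuration Updates"


def reload_status(log_text):
    """Map each alias added to the gateway trust store to its load status.

    Returns {alias: seconds between the add and the next completed sender
    reload}, or None for an alias that no later reload has picked up yet.
    """
    pending, status = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # stack traces and continuation lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        msg = m.group(3)
        added = ADDED_RE.search(msg)
        if added:
            pending[added.group(1)] = ts
            status[added.group(1)] = None
        elif RELOADED in msg:
            # A completed reload covers every certificate added before it.
            for alias, added_ts in pending.items():
                status[alias] = (ts - added_ts).total_seconds()
            pending.clear()
    return status


if __name__ == "__main__":
    for alias, delay in reload_status(SAMPLE_LOG).items():
        print(alias, "not yet reloaded" if delay is None else f"reloaded after {delay:.0f}s")
```

This only inspects the log of the node it is run against; in a clustered setup each gateway node's log has to be checked separately, since the reload only reads that node's own sslprofiles.xml and client-truststore.jks.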