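I am using WSO2 APIM 2.6.0 with the default configuration, with H2 as the database and other settings. I was previously a user of APIM 2.5.0, and everything worked fine there.
However, we need to install the SSL certificate of the backend server for the APIs I created in APIM 2.5.0.
After reading the documentation [https://docs.wso2.com/display/AM260/Dynamic+SSL+Certificate+Installation] and [https://docs.wso2.com/display/AM260/RESTful+APIs], I understood that in 2.6.0 a new SSL certificate can be added to the APIM client truststore using the REST API.
I have tested this and it seems to work fine (adding the certificate using the REST API). After the certificate is added, it seems it has to be loaded into the gateway nodes every 10 minutes (by default; this can then be changed as required in the axis2.xml file).
However, even after the certificate is added to the client truststore, when I click the endpoint TEST button in the API Publisher, it shows "Invalid Endpoint". The certificate does not seem to be loaded, even though there are logs like the following: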
TID: [-1234] [] [2019-09-18 14:44:51,302] INFO {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - Certificate is successfully added to the Publisher client Trust Store with Alias 'devcertificate' {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl}
TID: [-1234] [] [2019-09-18 14:44:51,341] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin@carbon.super [-1234]' logged in at [2019-09-18 14:44:51,341+0000] {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
TID: [-1234] [] [2019-09-18 14:44:51,365] INFO {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - The Alias 'devcertificate' exists in the Gateway Trust Store. {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl}
TID: [-1234] [] [2019-09-18 14:44:51,365] INFO {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - The Transport Sender will be re-initialized in few minutes. {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl}
TID: [-1234] [] [2019-09-18 14:44:51,365] INFO {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - The certificate with Alias 'devcertificate' is successfully added to the Gateway Trust Store. {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl}
TID: [-1] [] [2019-09-18 14:49:12,582] INFO {org.wso2.andes.kernel.disruptor.inbound.InboundDBSyncRequestEvent} - Running DB sync task. {org.wso2.andes.kernel.disruptor.inbound.InboundDBSyncRequestEvent}
TID: [-1] [] [2019-09-18 14:53:28,348] INFO {org.apache.synapse.transport.passthru.PassThroughHttpSSLSender} - PassThroughHttpSender reloading SSL Config.. {org.apache.synapse.transport.passthru.PassThroughHttpSSLSender}
TID: [-1] [] [2019-09-18 14:53:28,352] INFO {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder} - customSSLProfiles configuration is loaded from path: /opt/new/test/apim/fresh/usr/lib/wso2/wso2am/2.6.0/repository/resources/security/sslprofiles.xml {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder}
TID: [-1] [] [2019-09-18 14:53:28,352] INFO {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder} - HTTPS Loading custom SSL profiles for the HTTPS sender {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder}
TID: [-1] [] [2019-09-18 14:53:28,358] INFO {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder} - HTTPS Custom SSL profiles initialized for 1 servers {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder}
TID: [-1] [] [2019-09-18 14:53:28,358] INFO {org.apache.synapse.transport.passthru.PassThroughHttpSSLSender} - Pass-through HTTPS Sender updated with Dynamic Configuration Updates ... {org.apache.synapse.transport.passthru.PassThroughHttpSSLSender}
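So my question is: do we have to restart the server for the certificate added to the client truststore to take effect? Or, as per the documentation, once the certificate is loaded on the gateway node after 10 minutes, will it take effect and allow communication with the backend server without a server restart? Am I missing something here?
Can someone help me with this?
Thanks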
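Answer 0: (score: 0)
Are there multiple nodes here? After a dynamic SSL certificate is uploaded through the Publisher console, it is added to /repository/resources/security/sslprofiles.xml and /repository/resources/security/client-truststore.jks on the current node. However, if the setup is clustered, these two files need to be synchronized between the nodes in order to update the dynamically added certificate, as mentioned in those docs.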
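
An added example (not part of the question or the answer, and not WSO2 code): one way to check from a gateway node's carbon log whether the pass-through HTTPS sender has reloaded since a certificate alias was added to the Gateway Trust Store. The first three sample lines come from the log in the question with the trailing class name trimmed; the `latecert` line and the function name `reload_status` are constructed for illustration.

```python
import re
from datetime import datetime

# Lines 1-3: from the log quoted in the question (trailing class name trimmed).
# Line 4: constructed, to show a certificate that is still waiting for a reload.
SAMPLE_LOG = """\
TID: [-1234] [] [2019-09-18 14:44:51,365] INFO {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - The certificate with Alias 'devcertificate' is successfully added to the Gateway Trust Store.
TID: [-1] [] [2019-09-18 14:53:28,348] INFO {org.apache.synapse.transport.passthru.PassThroughHttpSSLSender} - PassThroughHttpSender reloading SSL Config..
TID: [-1] [] [2019-09-18 14:53:28,358] INFO {org.apache.synapse.transport.passthru.PassThroughHttpSSLSender} - Pass-through HTTPS Sender updated with Dynamic Configuration Updates ...
TID: [-1234] [] [2019-09-18 15:02:10,000] INFO {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - The certificate with Alias 'latecert' is successfully added to the Gateway Trust Store.
"""

# TID, tenant, timestamp, level, {logger}, then the message text.
LINE_RE = re.compile(
    r"^TID: \[[^\]]*\] \[[^\]]*\] \[(?P<ts>[^\]]+)\]\s+\w+\s+\{[^}]*\}\s+-\s+(?P<msg>.*)$"
)
ADDED_RE = re.compile(
    r"The certificate with Alias '([^']+)' is successfully added to the Gateway Trust Store"
)
RELOADED = "Pass-through HTTPS Sender updated with Dynamic Configuration Updates"


def reload_status(log_text):
    """Map each added alias to seconds until the next sender reload, or None if none followed."""
    pending, result = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # stack traces and other lines that are not log records
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S,%f")
        added = ADDED_RE.search(m.group("msg"))
        if added:
            pending[added.group(1)] = ts
        elif RELOADED in m.group("msg"):
            # Every alias added before this point is covered by this reload.
            for alias, added_at in pending.items():
                result[alias] = (ts - added_at).total_seconds()
            pending.clear()
    # Aliases added after the last reload in the log are still pending.
    result.update({alias: None for alias in pending})
    return result


if __name__ == "__main__":
    for alias, delay in reload_status(SAMPLE_LOG).items():
        state = f"reloaded after {delay:.0f}s" if delay is not None else "no reload logged yet"
        print(f"{alias}: {state}")
```

In a clustered setup, run it against each gateway node's own log; an alias that maps to `None` has no sender reload logged after it on that node.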