We are using WSO2 integrator 6.4. To be able to connect to 3rd party HTTPS servers, we need to add server's certificate to client-truststore.jks. A lot of servers now use certificates from https://letsencrypt.org with 3 months TTL. That means we must renew certificates every three months for every 3rd part server in our enviroment otherwise we get "Error in Sender" error. Is there a way to disable certificate checking in WSO2 EI at all? Or maybe it is possible to make some automatic scenario to renew certificates in client-truststore.jks? Or can we check certificates in client-truststore.jks inside wso2 ei itself and send warnings before expiration?
Renew certifcates in WSO2 EI client trust store
476 Views Asked by Maxim Fazyloff At
2
There are 2 best solutions below
Related Questions in WSO2
- Auto redirection in WSO2 API
- writing into file using VFS -WSO2 ESB 4.8.1
- how can I improve the response of BPS
- How to route by call method in proxy with WSO2?
- writing into file (Converting Base64 to Binary) values Using VFS and ESB 4.8.1
- How to publish wsdl when using different endpoints in proxy with WSO2?
- Importing users into a WSO2 IS User Database
- WSO2 IS - Do a Single Logout using the IdentitySAMLSSOService
- Wso2 DSS Tenant Endpoint Url not working
- How to deploy API Managers behind ELBs on AWS and preserve X-Forwarded headers?
- Is one XACML file per user a good approach?
- Changing WSO2 / Synapse to expose CXF service instead of AXIS2
- Fault Sequence ERROR_CODE property is not generating error as expected in wso2
- WSO2 ESB returning HTTP/1.1 413 Request Too Long for GET with url of 8k characters
- WSO2 MDM Connection Failer
Related Questions in WSO2-ENTERPRISE-INTEGRATOR
- How to Configure custom synapsis handler for a specific API in wso2 EI 6.1.1
- error in create data source for sqlserver in wso2 ei
- wso2 Data Services REST POST JSON format
- There is no data except for last hour in WSO2 EI Analytics
- Is possible run message broker as a windows service in wso2?
- How to add dependencies to CompositeApplicationProject?
- Update Registry file content in WSO2 EI 6.1.1 dynamically
- WSO2 - Throttle mediator implementation for the policy not blocking the requests from IP
- Unit Test Case reporting for WSO2 EI
- Is it possible to migrate embed h2 database to PostgreSQL database with data in WSO2 identity server 5.10
- Transport error: 404 Error: Not Found in WSO2 EI 6.1.1
- I need to apply Aggregator Mediator in WSO2 Integration Studio
- Renew certifcates in WSO2 EI client trust store
- Attachment Handling through WSO2 EI 6.1.1 in API
- wso2mi 7.1, mysql user_storage, first user
Related Questions in JKS
- How to correct generate signature using rsa private key with java?
- Configure JAX-WS web-service over HTTPS in WAS at application level
- Installing an Intermediate/chain certificate using Java Key Tool
- How to convert a p12 file into gateway.jks,cacerts.jks
- JKS file with Password to access Financial Institute's API
- Converting .cer to .jks using java
- What is the difference between the .Kdb file, the .jks file, and the CMS file?
- loading JKS in Jar in System.setProperty
- Converting a PFX certificate to a JKS gives "Duplicate extensions not allowed" exception
- How do I convert jks keystore file to something like PEM?
- getting error while trying to convert pfx without password to jks
- how to add/convert certificate file into pkcs12 file
- cacerts vs. jks in a cxf-based client
- Calling WS with SSL in java
- Convert Keystore - Windows-my to jks
Related Questions in WSO2-ESB
- Auto redirection in WSO2 API
- writing into file using VFS -WSO2 ESB 4.8.1
- How to route by call method in proxy with WSO2?
- writing into file (Converting Base64 to Binary) values Using VFS and ESB 4.8.1
- How to publish wsdl when using different endpoints in proxy with WSO2?
- Wso2 DSS Tenant Endpoint Url not working
- Changing WSO2 / Synapse to expose CXF service instead of AXIS2
- Fault Sequence ERROR_CODE property is not generating error as expected in wso2
- WSO2 ESB returning HTTP/1.1 413 Request Too Long for GET with url of 8k characters
- How to identify the user from the User Token in WSO2 API Manager
- WSO2 BAM ESB LogEvent Authentication failed! admin
- wso2 esb proxy cannot return response sometimes
- How to merge two wsdl in a wsdl file?
- Large File Processing in WSO2 ESB with headers and trailer
- Best practices with API in WSO2 ESB
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
A little basic in TLS trust.
When do you have explicit trust, trusting individual certificates (often done for self-signed certificates). Indeed this approach creates significant management overhead, mainly when onboarding, offboarding new service hosts or with short-lived certificates.
For TLS (SSL) an implicit trust is used. Your application trusts a list of (long lasting) the issuers - Certificate authorities (CA). Event the list of the CA certificates change over time, so some manual management may be necessary anyway.
Yes, there is (in axis2.xml), but that lowers the security and the traffic would be vulnerable to a man-in-the-middle attack.
Yes, this is the correct approach. If you have closed environment (not able to access internet), you may need to add all the certificate chain (root and iternmediate signing certificates)