We are using WSO2 integrator 6.4. To be able to connect to 3rd-party HTTPS servers, we need to add the server's certificate to client-truststore.jks. A lot of servers now use certificates from https://letsencrypt.org with 3 months TTL. That means we must renew certificates every three months for every 3rd-party server in our environment, otherwise we get an "Error in Sender" error. Is there a way to disable certificate checking in WSO2 EI at all? Or maybe it is possible to make some automatic scenario to renew certificates in client-truststore.jks? Or can we check certificates in client-truststore.jks inside WSO2 EI itself and send warnings before expiration?
Renew certificates in WSO2 EI client trust store
424 Views Asked by Maxim Fazyloff At
2
A few basics of TLS trust.
When you have explicit trust, you are trusting individual certificates (often done for self-signed certificates). Indeed, this approach creates significant management overhead, mainly when onboarding or offboarding service hosts, or with short-lived certificates.
For TLS (SSL), implicit trust is used. Your application trusts a list of (long-lasting) issuers - certificate authorities (CAs). Even the list of CA certificates changes over time, so some manual management may be necessary anyway.
Yes, there is (in axis2.xml), but that lowers the security and the traffic would be vulnerable to a man-in-the-middle attack.
Yes, this is the correct approach. If you have a closed environment (not able to access the internet), you may need to add the whole certificate chain (root and intermediate signing certificates).
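For the expiry warning the question asks about, here is an added Python example (not part of the answer above and not WSO2 code) that parses `keytool -list -v` output for a truststore and reports entries close to expiry, marking whether each one is an individually pinned leaf or a CA certificate. The sample text and the names `parse_entries` and `expiring` are constructed for illustration; it assumes keytool ran with an English locale and `-J-Duser.timezone=UTC`.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of `keytool -list -v` output (not from a real truststore).
SAMPLE = """\
Alias name: partner-api-leaf
Entry type: trustedCertEntry
Owner: CN=api.partner.example
Issuer: CN=Example Issuing CA
Valid from: Wed Jan 10 00:00:00 UTC 2024 until: Tue Apr 09 00:00:00 UTC 2024
*******************************************
Alias name: example-root-ca
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
Valid from: Thu Jun 04 00:00:00 UTC 2015 until: Mon Jun 04 00:00:00 UTC 2035
#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
]
"""

# Weekday and time zone tokens are skipped; times are assumed to be UTC.
VALID = re.compile(r"until: \w{3} (\w{3} \d{1,2} \d{2}:\d{2}:\d{2}) \S+ (\d{4})")

def parse_entries(text):
    """Return one dict per truststore alias: alias, not_after, is_ca."""
    entries = []
    for block in re.split(r"^Alias name: ", text, flags=re.M)[1:]:
        m = VALID.search(block)
        if not m:
            continue  # unparsable entry, e.g. output from another locale
        stamp = f"{m.group(1)} {m.group(2)}"
        entries.append({
            "alias": block.splitlines()[0].strip(),
            "not_after": datetime.strptime(stamp, "%b %d %H:%M:%S %Y"),
            "is_ca": bool(re.search(r"^\s*CA:true", block, flags=re.M)),
        })
    return entries

def expiring(entries, now, warn_days=30):
    """Entries whose certificate expires within warn_days of now."""
    limit = now + timedelta(days=warn_days)
    return [e for e in entries if e["not_after"] <= limit]

if __name__ == "__main__":
    for e in expiring(parse_entries(SAMPLE), datetime(2024, 3, 20)):
        kind = "CA" if e["is_ca"] else "pinned leaf"
        print(f"{e['alias']} ({kind}) expires {e['not_after']:%Y-%m-%d}")
```

Entries reported as pinned leaves are the ones that need re-importing at every renewal; trusting the issuing CA instead removes them from the list.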