[Apiman-user] Configure keystore, truststore, password for Vertx
Marc Savy
marc.savy at redhat.com
Thu Nov 12 07:31:30 EST 2015
Correct. There are multiple possible combinations.
> What is not currently supported is mutual SSL between client (A) & Apiman (B) (= client will send its certificate for validation & auth) ?
You can set this up yourself if you want. For WF: https://girirajsharma.wordpress.com/2015/10/04/authentication-via-wildfly-mutual-ssl-two-way-configuration/
On 12/11/2015 12:27, Charles Moulliard wrote:
> I was talking about https between the client (A) and apiman (B)
>
> I suppose that different combinations are possible ...
>
> 1) No HTTPS
>
> Client (App) <-- HTTP -> apiman <-- HTTP --> Service (API)
>
> 2) HTTPS / HTTP
>
> Client (App) <-- HTTPS -> apiman <-- HTTP--> Service (API)
>
> 3) HTTPS / HTTPS
>
> Client (App) <-- HTTPS --> apiman <-- HTTPS --> Service (API)
>
> What is not currently supported is mutual SSL between client (A) &
> Apiman (B) (= client will send its certificate for validation & auth) ?
>
>
> On 12/11/15 13:03, Marc Savy wrote:
> > What are you trying to achieve? Do you want mutual TLS between the
> > gateway and the services you're offering through apiman? Or are you
> > talking about TLS between a client and the gateway?
> >
> > i.e.
> > A B
> > Client (App) <---> apiman <---> Service (API)
> >
> > On 12/11/2015 10:51, Charles Moulliard wrote:
> >> We don't have to use the wildfly config file but the apiman.properties
> >> file, also located under the standalone/configuration folder of wildfly
> >>
> >> # ---------------------------------------------------------------------
> >> # SSL/TLS settings for the gateway connector(s).
> >> # ---------------------------------------------------------------------
> >>
> >> # Enable devMode for HTTPS connections (gateway trusts any certificate).
> >> # This should *NOT* be used in production mode. *Use with great care.*
> >> apiman-gateway.connector-factory.tls.devMode=true
> >>
> >> The connector-factory property will next be retrieved by the gateway as
> >> such:
> >> https://github.com/cmoulliard/apiman/blob/master/gateway/platforms/war/src/main/java/io/apiman/gateway/platforms/war/WarEngineConfig.java#L134
> >>
> >>
> >> ...
> >>
> >> On 12/11/15 11:26, Jakub Čecháček wrote:
> >>> Hello Charles,
> >>>
> >>> The example you used is specific for the VertX implementation of
> >>> Apiman's gateway.
> >>>
> >>> I am not actually sure about the microservice implementation and the
> >>> use of Jetty for example. However in case of WildFly you can configure
> >>> the truststore in
> >>> ${APIMAN_HOME}/standalone/configuration/standalone-apiman.xml (or any
> >>> other WF config you decide to use for running apiman)
> >>>
> >>> Jakub
> >>>
> >>> On Thu, Nov 12, 2015 at 11:21 AM, Charles Moulliard
> >>> <cmoulliard at redhat.com> wrote:
> >>>
> >>> Hi,
> >>>
> >>> According to the Apiman code
> >>> (https://github.com/cmoulliard/apiman/blob/master/gateway/platforms/vertx3/vertx3/src/main/java/io/apiman/gateway/platforms/vertx3/verticles/HttpsGatewayVerticle.java#L36-L53),
> >>>
> >>> HTTPS is supported and the truststore, keystore password ... can be
> >>> defined using this file
> >>> (https://github.com/cmoulliard/apiman/blob/master/gateway/platforms/vertx3/vertx3/src/conf/conf.json#L22).
> >>>
> >>>
> >>>
> >>> How can we configure this file when apiman is deployed as a WAR in
> >>> wildfly or in any other Java Container ?
> >>>
> >>> Regards,
> >>>
> >>> Charles
> >>> _______________________________________________
> >>> Apiman-user mailing list
> >>> Apiman-user at lists.jboss.org <mailto:Apiman-user at lists.jboss.org>
> >>> https://lists.jboss.org/mailman/listinfo/apiman-user
> >>>
> >>>
> >>
> >
>
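
Added example, not part of the thread and not apiman project code: a small audit that reports every line of an `apiman.properties` file where the `devMode` setting quoted above is switched on, so a gateway that trusts any certificate does not reach production unnoticed. The parser, function names and sample file are constructed for illustration; only the property name comes from the thread.

```python
import re

# Property name as quoted in the thread; everything else here is illustrative.
DEV_MODE_KEY = "apiman-gateway.connector-factory.tls.devMode"

# key, then '=' or ':' (or just whitespace) as separator, then the value
_ENTRY = re.compile(r"^\s*([^\s=:]+)\s*[=:]?\s*(.*)$")


def iter_properties(text):
    """Yield (line_number, key, value) for each active .properties entry."""
    pending, start = "", 0
    for number, raw in enumerate(text.splitlines(), 1):
        if not pending:
            stripped = raw.strip()
            if not stripped or stripped[0] in "#!":  # blank line or comment
                continue
            start = number
        line = pending + raw.lstrip()
        # An odd number of trailing backslashes continues the entry.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            pending = line[:-1]
            continue
        pending = ""
        match = _ENTRY.match(line)
        if match:
            yield start, match.group(1), match.group(2).strip()


def dev_mode_lines(text):
    """Line numbers of every definition that switches TLS devMode on.

    Assumptions: a case-insensitive "true" enables it, and duplicates are all
    reported because which one wins depends on the loader.
    """
    return [n for n, key, value in iter_properties(text)
            if key == DEV_MODE_KEY and value.lower() == "true"]


# Constructed sample, not taken from a real deployment.
SAMPLE = """\
# SSL/TLS settings for the gateway connector(s).
#apiman-gateway.connector-factory.tls.devMode=true
apiman-gateway.connector-factory.tls.devMode = TRUE
apiman-gateway.connector-factory.tls.devMode: false
apiman-gateway.connector-factory.tls.devMode=\\
    true
"""

if __name__ == "__main__":
    print("devMode enabled on lines:", dev_mode_lines(SAMPLE))
```

Run against a deployment's own file, a non-empty result is a reason to fail the release check before the gateway is exposed.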