Re: [Apiman-user] Configure keystore, truststore, password for Vertx

What is not currently supportly is mutual SSL between client (A) & Apiman (B) (= client will send its certificate for validation & auth) ?

I was talking about https between the client (A) and apiman (B) I suppose that different combinations are possible ... 1) No HTTPS Client (App) <-- HTTP -> apiman <-- HTTP --> Service (API) 2) HTTPS / HTTP Client (App) <-- HTTPS -> apiman <-- HTTP--> Service (API) 3) HTTPS / HTTPS Client (App) <-- HTTPS --> apiman <-- HTTPS --> Service (API) What is not currently supportly is mutual SSL between client (A) & Apiman (B) (= client will send its certificate for validation & auth) ? On 12/11/15 13:03, Marc Savy wrote: > What are you trying to achieve? Do you want mutual TLS between the > gateway and the services you're offering through apiman? Or are you > talking about TLS between a client and the gateway? > > i.e. > A B > Client (App) <---> apiman <---> Service (API) > > On 12/11/2015 10:51, Charles Moulliard wrote: >> We don't have to use the wildfly config file but the apiman.properties >> file located under also standalone/configuration folder of wildfly >> >> # --------------------------------------------------------------------- >> # SSL/TLS settings for the gateway connector(s). >> # --------------------------------------------------------------------- >> >> # Enable devMode for HTTPS connections (gateway trusts any certificate). >> # This should *NOT* be used in production mode. *Use with great care.* >> apiman-gateway.connector-factory.tls.devMode=true >> >> The connector-factory property will be next retrieved by the gateway as >> such : >> https://github.com/cmoulliard/apiman/blob/master/gateway/platforms/war/sr... >> >> >> ... >> >> On 12/11/15 11:26, Jakub Čecháček wrote: >>> Hello Charles, >>> >>> The example you used is specific for the VertX implementation of >>> Apiman's gateway. >>> >>> I am not actually sure about the microservice implementation and the >>> use of Jetty for example. However in case of WildFly you can configure >>> the truststore in >>> ${APIMAN_HOME}/standalone/configuration/standalone-apiman.xml (or any >>> other WF config you decide to use for running apiman) >>> >>> Jakub >>> >>> On Thu, Nov 12, 2015 at 11:21 AM, Charles Moulliard >>> <<mailto:cmoulliard@redhat.com>cmoulliard@redhat.com> wrote: >>> >>> Hi, >>> >>> According to the ApimanMan code >>> (https://github.com/cmoulliard/apiman/blob/master/gateway/platforms/vertx3...), >>> >>> HTTPS is supported and the trustore, keystore password ... can be >>> defined using this file >>> (https://github.com/cmoulliard/apiman/blob/master/gateway/platforms/vertx3...). >>> >>> >>> >>> How can we configure this file when apiman is deployed as a WAR in >>> wildfly or in any other Java Container ? >>> >>> Regards, >>> >>> Charles >>> _______________________________________________ >>> Apiman-user mailing list >>> Apiman-user(a)lists.jboss.org <mailto:Apiman-user@lists.jboss.org> >>> https://lists.jboss.org/mailman/listinfo/apiman-user >>> >>> >> >> >> >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> >