[Apiman-user] Configure keystore, truststore, password for Vertx

Charles Moulliard cmoulliard at redhat.com
Thu Nov 12 07:27:11 EST 2015


I was talking about https between the client (A) and apiman (B)

I suppose that different combinations are possible ...

1) No HTTPS

Client (App) <-- HTTP --> apiman <-- HTTP --> Service (API)

2) HTTPS / HTTP

Client (App) <-- HTTPS --> apiman <-- HTTP --> Service (API)

3) HTTPS / HTTPS

Client (App) <-- HTTPS --> apiman <-- HTTPS --> Service (API)

What is not currently supported is mutual SSL between client (A) & 
Apiman (B) (= client will send its certificate for validation & auth) ?


On 12/11/15 13:03, Marc Savy wrote:
> What are you trying to achieve? Do you want mutual TLS between the
> gateway and the services you're offering through apiman? Or are you
> talking about TLS between a client and the gateway?
>
> i.e.
>                A            B
> Client (App) <---> apiman <---> Service (API)
>
> On 12/11/2015 10:51, Charles Moulliard wrote:
>> We don't have to use the wildfly config file but the apiman.properties
>> file, also located under the standalone/configuration folder of wildfly
>>
>> # ---------------------------------------------------------------------
>> # SSL/TLS settings for the gateway connector(s).
>> # ---------------------------------------------------------------------
>>
>> # Enable devMode for HTTPS connections (gateway trusts any certificate).
>> # This should *NOT* be used in production mode. *Use with great care.*
>> apiman-gateway.connector-factory.tls.devMode=true
>>
>> The connector-factory property will next be retrieved by the gateway as
>> such:
>> https://github.com/cmoulliard/apiman/blob/master/gateway/platforms/war/src/main/java/io/apiman/gateway/platforms/war/WarEngineConfig.java#L134
>>
>>
>> ...
>>
>> On 12/11/15 11:26, Jakub Čecháček wrote:
>>> Hello Charles,
>>>
>>> The example you used is specific for the VertX implementation of
>>> Apiman's gateway.
>>>
>>> I am not actually sure about the microservice implementation and the
>>> use of Jetty for example. However in case of WildFly you can configure
>>> the truststore in
>>> ${APIMAN_HOME}/standalone/configuration/standalone-apiman.xml (or any
>>> other WF config you decide to use for running apiman)
>>>
>>> Jakub
>>>
>>> On Thu, Nov 12, 2015 at 11:21 AM, Charles Moulliard
>>> <cmoulliard at redhat.com> wrote:
>>>
>>>     Hi,
>>>
>>>     According to the Apiman code
>>> (https://github.com/cmoulliard/apiman/blob/master/gateway/platforms/vertx3/vertx3/src/main/java/io/apiman/gateway/platforms/vertx3/verticles/HttpsGatewayVerticle.java#L36-L53),
>>>     HTTPS is supported and the truststore, keystore password ... can be
>>>     defined using this file
>>> (https://github.com/cmoulliard/apiman/blob/master/gateway/platforms/vertx3/vertx3/src/conf/conf.json#L22).
>>>
>>>
>>>     How can we configure this file when apiman is deployed as a WAR in
>>>     wildfly or in any other Java Container ?
>>>
>>>     Regards,
>>>
>>>     Charles
>>>     _______________________________________________
>>>     Apiman-user mailing list
>>>     Apiman-user at lists.jboss.org
>>>     https://lists.jboss.org/mailman/listinfo/apiman-user
>>>
>>>
>>
>
