HostOnNet Blog


Installing SSL on WSO2 Application Server

WSO2 is an Open Source Enterpise ready API and Application Server available fom

http://wso2.com

Inststruction for SSL certificate installation available at

https://docs.wso2.com/display/AS521/Creating+New+Keystores

First you need to Generate CSR and Private Key. Follow instructions at

https://blog.hostonnet.com/csr

Now you have .csr and .key files. Use the .csr file to purchase SSL certificate from your SSL provider.

Once your SSl is ready, upload it to the server running WSO2 Application Server.

Creating PFX file

We need to convert SSL certificate, private key and ca bundle into PFX file.

openssl pkcs12 -export -in  /root/hostonnet.com.crt -inkey /root/hostonnet.com.key -name "wso2carbon" -certfile /root/bundle.crt -out hostonnet.com.pfx

It will ask you to enter password, use “wso2carbon” for password. If you use anything different, you need to update file.

vi wso2esb/repository/conf/carbon.xml

I used default values.

        <KeyStore>
            <!-- Keystore file location-->
            <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
            <!-- Keystore type (JKS/PKCS12 etc.)-->
            <Type>JKS</Type>
            <!-- Keystore password-->
            <Password>wso2carbon</Password>
            <!-- Private Key alias-->
            <KeyAlias>wso2carbon</KeyAlias>
            <!-- Private Key password-->
            <KeyPassword>wso2carbon</KeyPassword>
        </KeyStore>

Creating JKS file

Run

rm -rf /root/wso2esb/repository/resources/security/wso2carbon.jks
keytool -importkeystore -srckeystore boby.pfx -srcstoretype pkcs12 -destkeystore /root/wso2esb/repository/resources/security/wso2carbon.jks -deststoretype JKS

Restart WSO2 Application Server

~/wso2esb/bin/wso2server.sh stop
~/wso2esb/bin/wso2server.sh start

Posted in Linux