Wednesday, June 17, 2015

Setting Up Mutual SSL in WSO2 ESB - Enable only for selected proxy services

This blog post is an updated version of Asela's blog.

I am using the same environment described in my previous blog post for this tutorial.

Configure WSO2 ESB Server 


1) Edit the https transportReceiver in axis2.xml, which is located in the /repository/conf/axis2/ folder, and set SSLVerifyClient to optional as follows.
2) Restart ESB Server.

Note: This makes mutual SSL optional for proxy services exposed on the https transport.

Now you will be able to invoke Test Proxy without the SSL KeyStore property in SOAP UI. To verify this, remove the value of SSL KeyStore and invoke Request 1 again.
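
To confirm what step 1 actually left in axis2.xml, the following check reads the SSLVerifyClient value from the https transportReceiver. It is an added example, not part of the original post; the sample XML is constructed, and its listener class names and ports are assumptions.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed axis2.xml holding only what this check reads.
# Listener class names and ports are assumptions, not taken from the post.
SAMPLE_AXIS2 = """<axisconfig name="AxisJava2.0">
  <transportReceiver name="http" class="org.apache.synapse.transport.passthru.PassThroughHttpListener">
    <parameter name="port" locked="false">8280</parameter>
  </transportReceiver>
  <transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">
    <parameter name="port" locked="false">8243</parameter>
    <parameter name="SSLVerifyClient">optional</parameter>
  </transportReceiver>
</axisconfig>"""

MEANING = {
    "require": "every https client must present a certificate at the TLS handshake",
    "optional": "a certificate is requested but not required; enforcement is left to each proxy",
    "unset": "no client certificate is requested on the https transport",
}

def ssl_verify_client(axis2_xml):
    """Return the https receiver's SSLVerifyClient value ('unset' if absent)."""
    # The parser skips XML comments, so a commented-out parameter counts as absent.
    root = ET.fromstring(axis2_xml)
    for receiver in root.iter("transportReceiver"):
        if receiver.get("name") != "https":
            continue
        for param in receiver.findall("parameter"):
            if param.get("name") == "SSLVerifyClient":
                return (param.text or "").strip().lower() or "unset"
        return "unset"
    raise ValueError("no https transportReceiver in this axis2.xml")

def report(axis2_xml):
    mode = ssl_verify_client(axis2_xml)
    return "SSLVerifyClient=%s: %s" % (mode, MEANING.get(mode, "unrecognised value, review manually"))

if __name__ == "__main__":
    # Pass the path to axis2.xml, or run without arguments to check the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(report(fh.read()))
    else:
        print(report(SAMPLE_AXIS2))
```

With the value at optional, any proxy that does not carry the policy parameters from the next section still accepts clients without a certificate, so audit the proxies as well as the transport.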



Enable Mutual SSL for Test Proxy


1) Create an ESB XML local entry called MutualSSLPolicy.xml with the following content.




2) Add the following parameters to Test Proxy.


(Add these parameters to each proxy service for which you want to enable mutual authentication.)

3) The final Test Proxy will look like this:



Testing With SOAP UI 

1) Try Request 1 without the SSL KeyStore parameter. The request fails with a SOAP fault.



2) Now try with the SSL KeyStore parameter. You will now be able to invoke the Test Proxy service.