Reputation: 13245
I have created an MI project from the Hello World Docker template using Integration Studio 7.2.0. I want to set up mTLS for the service. I have configured the keystore as below.
deployment.toml

```toml
[keystore.tls]
file_name = "interceptor.jks"
password = "wso2carbon"
alias = "interceptor"
key_password = "wso2carbon"

[truststore]
file_name = "interceptor.jks"
password = "wso2carbon"
alias = "mg"
algorithm = "AES"
```
`interceptor.jks` contains the client cert with alias `mg` and the private key with alias `interceptor`. This service is invoked using cURL as below.
```shell
curl --cacert interceptor.pem --cert mg.pem --key mg.key "https://xml-interceptor:8253/api/v1/handle-request" -H "content-type: application/json" -H "accept: application/json" -d '{"requestBody": "eyJuYW1lIjoiVGhlIFByaXNvbmVyIn0="}' -v
```
And it fails, while it is successful with the `-k` option. I noticed that the cert received by the client is the one below, not the one I configured in deployment.toml:
```
* Server certificate:
*  subject: C=US; ST=CA; L=Mountain View; O=WSO2; OU=WSO2; CN=localhost
*  start date: Oct 23 07:30:43 2019 GMT
*  expire date: Jan 25 07:30:43 2022 GMT
*  issuer: C=US; ST=CA; L=Mountain View; O=WSO2; OU=WSO2; CN=localhost
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> POST /api/v1/handle-request HTTP/1.1
```
I get this in the Micro Integrator logs:

```
[2022-06-15 13:38:29,417] WARN {SourceHandler} - I/O error: Received fatal alert: unknown_ca
```
It seems it is unable to read the cert I configured. Any idea how to sort out this issue?
I have already tried importing the private key into wso2carbon.jks as well.
Upvotes: 1
Views: 272
Reputation: 4001
In your case, it seems the keystore is not getting updated.
You can build the Docker image from Integration Studio as specified here [1].
Then you can mount the new keystore into the MI container [2].
[2] - https://docs.docker.com/storage/volumes/#start-a-container-with-a-volume
Upvotes: 1
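A quick way to confirm the diagnosis above (the container still serving the default `CN=localhost` certificate instead of the one in `interceptor.jks`) is to fetch the certificate the server actually presents and compare its SHA-256 fingerprint with the PEM you expect it to serve, before touching the client side of the mTLS setup. This is an added example, not code from the question or the answer; the host `xml-interceptor`, port `8253` and `interceptor.pem` come from the question (it assumes `interceptor.pem` holds the server's own certificate), and the helper names are this example's own.

```python
import base64
import hashlib
import re
import ssl
import sys

# Host, port and interceptor.pem are the question's values; helper names are this example's own.
PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL)

def first_cert_der(pem_text: str) -> bytes:
    """DER bytes of the first certificate in a PEM string (a chain file is fine)."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found in PEM input")
    return ssl.PEM_cert_to_DER_cert(match.group(0))

def fingerprint(pem_text: str) -> str:
    """SHA-256 fingerprint, colon separated, in the form `keytool -list -v` prints."""
    digest = hashlib.sha256(first_cert_der(pem_text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def same_certificate(presented_pem: str, expected_pem: str) -> bool:
    return fingerprint(presented_pem) == fingerprint(expected_pem)

def presented_certificate(host: str, port: int) -> str:
    """Fetch whatever certificate the server sends; verification is skipped on purpose,
    since the question is *which* cert is served, not whether it is trusted."""
    return ssl.get_server_certificate((host, port))

def check_server(host: str, port: int, expected_pem_path: str) -> bool:
    """True when the live server presents the certificate stored in expected_pem_path."""
    with open(expected_pem_path, encoding="ascii") as handle:
        expected = handle.read()
    presented = presented_certificate(host, port)
    print("presented:", fingerprint(presented))
    print("expected: ", fingerprint(expected))
    return same_certificate(presented, expected)

def pem_from_der(der: bytes) -> str:
    """Wrap DER bytes in PEM armor (used only to build the constructed sample below)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

# Constructed sample input: not real certificates, just bytes in PEM armor for an offline check.
SAMPLE_DER = b"constructed-cert-A"
SAMPLE_PEM = pem_from_der(SAMPLE_DER)
OTHER_PEM = pem_from_der(b"constructed-cert-B")

if __name__ == "__main__":  # e.g. python check_cert.py xml-interceptor 8253 interceptor.pem
    sys.exit(0 if check_server(sys.argv[1], int(sys.argv[2]), sys.argv[3]) else 1)
```

A mismatch means the keystore change never reached the running container, which is the situation the answer describes, and the printed fingerprints can be matched against `keytool -list -v -keystore interceptor.jks` to see which cert each side holds.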