Setup WSO2 Enterprise Integrator SSL

Nemu dari sini : https://www.extraflow.fr/installer-lets-encrypt-avec-wso2-entreprise-integration-plateforme-debian-jessie/ cuman bahasa prancis

Ikutin step dibawah ini, jalanin manual aja di terminal karena ada command interaktif (untuk masukin password) dan ganti variabel di atas sesuai instalasi anda.

Asumsi file sertifikat berformat pem (seperti lets encrypt)

file sertifiakt = cert.crt
file privat eky = privkey.pem
file chain = chain.pem (bukan fullchain)

#!/bin/bash 

# jks password = wso2carbon

# variable
DOMAIN=<<ISI NAMA DOMAIN ANDA>>
CERTDIR=<<ALAMAT FOLDER YANG BERISI SERTIFIAKT>>
WSO2DIR=<<ALAMAT INSTALASI WSO2EI>>
WSO2KEYDIR=<<$WSO2DIR/repository/resources/security>>

# certificate file name in CERTDIR
CERTFILENAME=cert.crt
KEYFILENAME=privkey.pem
CHAINFILENAME=chain.pem

# backup
cp $WSO2KEYDIR/client-truststore.jks $WSO2KEYDIR/client-truststore.jks.bak.$(date +%s)
cp $WSO2DIR/conf/axis2/axis2.xml $WSO2DIR/conf/axis2/axis2.xml.bak.$(date +%s)
cp $WSO2DIR/conf/tomcat/catalina-server.xml $WSO2DIR/conf/tomcat/catalina-server.xml.bak.$(date +%s)

cd $CERTDIR

# convert crt to jks
openssl pkcs12 -export -in $CERTDIR/$CERTFILENAME -inkey $CERTDIR/$KEYFILENAME -name $DOMAIN -certfile $CERTDIR/$CHAINFILENAME -out $DOMAIN.pfx
keytool -importkeystore -srckeystore $DOMAIN.pfx -srcstoretype pkcs12 -destkeystore $DOMAIN.jks -deststoretype JKS 

# add to client-trustore
keytool -export -alias $DOMAIN -keystore $DOMAIN.jks -file $DOMAIN.pem
keytool -import -alias $DOMAIN -file $DOMAIN.pem -keystore $WSO2KEYDIR/client-truststore.jks

# copy new jks to wso 2
cp $CERTDIR/$DOMAIN.jks $WSO2KEYDIR

# update axis.xml to point the new jks for api
sed "s/wso2carbon.jks/$DOMAIN.jks/g" $WSO2DIR/conf/axis2/axis2.xml

# update catalina-server.xml to point the new jks for carbon management dashboard
sed "s/wso2carbon.jks/$DOMAIN.jks/g" $WSO2DIR/conf/tomcat/catalina-server.xml

# restart wso2
$wso2bin/integrator.sh restart

guest
0 Comments
Inline Feedbacks
View all comments