Skip to content

Multi-HTTPS Transport

You can enable dynamic SSL profiles for the Micro Integrator by updating the deployment.toml file with the required SSL profile configurations. Also, you can dynamically load the SSL profiles at runtime using a periodic schedule or JMX invocation. That is, instead of reloading the entire deployment.toml at runtime, you can reload the new configuration files that contain only the custom profile information for the sender and receiver.

Enabling dynamic SSL profiles

The following configuration changes should be done in the Multi-HTTPS transport receiver and sender.

Dynamic SSL profiles for the Multi-HTTPS transport listener:

  1. Open the deployment.toml file (stored in the MI_HOME/conf directory) and add the following parameters.

    [transport.http]
    listener.ssl_profile.file_path = "conf/sslprofiles/listenerprofiles.xml"
    listener.ssl_profile.read_interval = 600000
  2. Create the listenerprofiles.xml file with the following configuration in the MI_HOME/conf/sslprofiles directory:

    Info

    You can configure the file path for the listenerprofiles.xml file as required.

    <parameter name="SSLProfiles">
    <profile>
            <bindAddress>192.168.0.123</bindAddress>
            <KeyStore>
                <Location>repository/resources/security/esb.jks</Location>
                <Type>JKS</Type>
                <Password>123456</Password>
                <KeyPassword>123456</KeyPassword>
                </KeyStore>
            <TrustStore>              
                <Location>repository/resources/security/esbtruststore.jks</Location>
                <Type>JKS</Type>
                <Password>123456</Password>
            </TrustStore>
            <SSLVerifyClient>require</SSLVerifyClient>
        </profile>
    </parameter>

    The SSL profile will be applied to each request that is received at the IP specified within the <bindAddress> element.

Dynamic SSL profiles for the Multi-HTTPS transport sender:

  1. Open the deployment.toml file (stored in the MI_HOME/conf directory) and add the following parameters.

    [transport.http]
    sender.ssl_profile.file_path = "conf/sslprofiles/senderprofiles.xml"
    sender.ssl_profile.read_interval = 600000
  2. Create the senderprofiles.xml file with the following configuration in the MI_HOME/conf/sslprofiles directory:

    Info

    You can configure the file path for the senderprofiles.xml file as required.

    <parameter name="customSSLProfiles">
        <profile>
            <servers>localhost:8244,192.168.1.234:8245</servers>
            <KeyStore>
                <Location>repository/resources/security/esb.jks</Location>
                <Type>JKS</Type>
                <Password>123456</Password>
                <KeyPassword>123456</KeyPassword>
            </KeyStore>
            <TrustStore>          
                <Location>repository/resources/security/esbtruststore.jks</Location>
                <Type>JKS</Type>
                <Password>123456</Password>
            </TrustStore>
        </profile>
    </parameter>

    The SSL profile will be applied to each request that is sent to the destination server specified within the <servers> element as IP:Port combination.

Loading SSL profiles at runtime

You can either use a periodic schedule or a JMX invocation to apply custom profiles at runtime. The following section describes the two options in detail:

  • Periodic schedule: If you use this option, the Micro Integrator will automatically check updates of the file content and apply the custom profiles based on the value specified in the fileReadInterval parameter. For example, if you have set the fileReadInterval as 1 hour, The Micro Integrator will automatically check updates of the file content and apply the custom profile every 1 hour.

  • JMX Invocation: If you use this option, custom profiles will be applied dynamically by invoking the notifyFileUpdate method in the respective sender/listener MBean under the ListenerSSLProfileReloader or SenderSSLProfileReloader group in JConsole.

The following table provides information on the parameters that you can set when you enable dynamic SSL profiles:

Parameter Name Description Default Value
filePath The relative/absolute file path of the custom SSL profile configuration XML file. -
fileReadInterval The time interval (in milliseconds) in which configuration updates will be loaded and applied at runtime. This value should be greater than 1 minute. 3600000
Top