Mashery Traffic Manager as an HTTPS Server with Mutual SSL

Perform the following steps to set up the Mashery Traffic Manager as an HTTPS server with mutual SSL.

Procedure

  1. Run the upload_ssl_server_truststore_for_traffic_manager Jenkins job in the Mashery Local installer to upload the trust store.

    Complete the fields in the Jenkins job as follows:

    • truststore_file - The key store in PKCS#12 format that holds all trusted Certificate Authority (CA) certificates.
    • truststore_password - The password protecting the trust store.

    The upload_ssl_server_truststore_for_traffic_manager Jenkins job uploads the trust store (tml-tm-trust.jks) to the /var/jenkins_home/docker-deploy/properties folder. This trust store holds all trusted CA certificates.

    Note: There is a built-in sample, self-signed root CA certificate. You should upload your own trust store in the Mashery Local installer.
  2. Configure the following properties in the /var/jenkins_home/docker-deploy/properties/tml_tm_properties.json file:
    • tm_truststore_password - The password protecting the trust store.
    • need_client_auth - Set to true to turn on mutual HTTPS authentication.

    For example:

    "tm_truststore_password": "changeme",
    "need_client_auth": false,
  3. Verify your mutual HTTPS authentication configuration using the following example curl command:
    curl -k -v --key PATH_TO_KEY/yam_root_.pkcs8 --cert PATH_TO_CERT/yam_root_.cer:changeme -H 'host: calypsoqa.api.mashery.com' "https://$LB:443/mock?api_key=mycustomkey"
    Note: In yam_root_.cer:changeme, "yam_root_.cer" is the certificate file name, and "changeme" is the trust store password protecting the private key. "LB" is the public IP address of the Load Balancer for Traffic Manager. The -k option makes curl skip verification of the server certificate, so this command checks only that the client certificate is accepted.
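
A pre-deployment check for the two properties from step 2, as an added example that is not part of the Mashery documentation or tooling. It assumes both keys sit at the top level of the JSON object in tml_tm_properties.json; the function name and the sample inputs are constructed for illustration.

```python
import json

# "changeme" is the sample password shown on this page; empty is never acceptable.
WEAK_PASSWORDS = {"", "changeme"}

def audit_tm_properties(text):
    """Return findings for the mutual-SSL keys; an empty list means both are set."""
    try:
        props = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(props, dict):
        return ["top level is not a JSON object"]

    findings = []
    # Assumption: both keys are top-level members, as in the page's fragment.
    if "need_client_auth" not in props:
        findings.append("need_client_auth is missing; set it to true explicitly")
    else:
        value = props["need_client_auth"]
        if value is not True:
            # Flags false and also look-alikes such as the string "true" or 1.
            findings.append(
                f"need_client_auth is {value!r}, expected the JSON boolean true")

    password = props.get("tm_truststore_password")
    if not isinstance(password, str):
        findings.append("tm_truststore_password is missing or not a string")
    elif password in WEAK_PASSWORDS:
        findings.append("tm_truststore_password is empty or still the sample value")
    return findings

# Constructed inputs: the values from the page's example, then a corrected pair.
AS_ON_PAGE = '{"tm_truststore_password": "changeme", "need_client_auth": false}'
CORRECTED = ('{"tm_truststore_password": "constructed-example-passphrase", '
             '"need_client_auth": true}')

if __name__ == "__main__":
    for label, text in (("as on page", AS_ON_PAGE), ("corrected", CORRECTED)):
        print(label, "->", audit_tm_properties(text) or "OK")
```

Run it against the real properties file before redeploying; with the example values from step 2 it reports both keys.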