Mashery Traffic Manager as an HTTPS Server with Mutual SSL
Perform the following steps to set up the Mashery Traffic Manager as an HTTPS server with mutual SSL.
Procedure
Run the upload_ssl_server_truststore_for_traffic_manager Jenkins job in the Mashery Local installer to upload the trust store.
Complete the fields in the Jenkins job as follows:
truststore_file - The key store in PKCS#12 format, which holds all Certificate Authority (CA) certificates which are trusted.
truststore_password - The password protecting the trust store.
The upload_ssl_server_truststore_for_traffic_manager Jenkins job uploads the trust store (tml-tm-trust.jks) to the /var/jenkins_home/docker-deploy/properties folder. This trust store holds all trusted CA certificates.
Note: There is a built-in sample, self-signed root CA certificate. You should upload your own trust store in the Mashery Local installer.
Configure the following properties in the /var/jenkins_home/docker-deploy/properties/tml_tm_properties.json file:
tm_truststore_password - The password protecting the trust store.
need_client_auth - Set to true to turn on mutual HTTPS authentication.
Note: In yam_root_.cer:changeme, "yam_root_.cer" is the certificate file name, and "changeme" is the trust store password protecting the private key. "LB" is the public IP address of the Load Balancer for Traffic Manager.
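A pre-deployment check for the two properties configured above, as an added example that is not part of the original documentation or the product's own tooling. It assumes only that tml_tm_properties.json is valid JSON and looks for the keys at any nesting depth; the function names are hypothetical and the sample documents are constructed.

```python
import json
import sys

# Values treated as unset; "changeme" is the sample password shown on this page.
WEAK_PASSWORDS = {"", "changeme"}

def find_key(node, key):
    """Yield every value stored under `key` at any depth of parsed JSON."""
    if isinstance(node, dict):
        for name, value in node.items():
            if name == key:
                yield value
            else:
                yield from find_key(value, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_key(item, key)

def check_tm_properties(text):
    """Return findings for the mutual-SSL settings; an empty list means none."""
    doc = json.loads(text)
    findings = []
    auth = list(find_key(doc, "need_client_auth"))
    if not auth:
        findings.append("need_client_auth is missing")
    elif any(str(v).strip().lower() != "true" for v in auth):
        # Accepts JSON true or the string "true"; anything else is flagged.
        findings.append("need_client_auth is not true")
    passwords = list(find_key(doc, "tm_truststore_password"))
    if not passwords:
        findings.append("tm_truststore_password is missing")
    elif any(p is None or str(p).strip().lower() in WEAK_PASSWORDS for p in passwords):
        findings.append("tm_truststore_password is empty or a sample value")
    return findings

# Constructed samples; the flat and nested layouts are assumptions, not the real file.
SAMPLE_OK = '{"tm_truststore_password": "s3t-by-operator", "need_client_auth": "true"}'
SAMPLE_BAD = '{"tm": {"tm_truststore_password": "changeme", "need_client_auth": false}}'

if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the bad sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BAD
    problems = check_tm_properties(text)
    for problem in problems:
        print("FINDING:", problem)
    sys.exit(1 if problems else 0)
```

The script exits non-zero when it reports a finding, so it can gate a deployment step; it never prints the password value itself.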