I am using wso2 API Manager 2.1 to access a backend REST API over TLS/SSL. Given this is an internal application I am using self-signed certificates. I have imported them as per the documentation and everything seems to work in 'sandbox'. However, it does not work in 'production'. I think I've read somewhere that this is default 'out of the box' behavior but I cannot for the life of me find the source document to verify it. Please could someone advise if this behavior is correct, and if possible provide a workaround for using self-signed certs in production. Please note I don't want to buy a CA Signed Cert and using a trial/wildcard CA Cert will be problematic because I'm sealed off from the outside world (i.e. no admin@fqdn). Thanks.
Asked
Active
Viewed 470 times
1
-
Whilst I have not found a definitive answer as to whether 'production' requires a signed certificate I have kind of proved this empirically by discovering how to sign my own certificates. I followed this guide, https://stackoverflow.com/questions/21297139/how-do-you-sign-certificate-signing-request-with-your-certification-authority and then imported the resulting signed certificate after which everything worked. – Stewpid Sep 06 '17 at 09:44