Importing Truststore Configuration Configured in API Gateway
When SSL configurations are imported from API Gateway to Microgateway, they must function seamlessly without any disruption. The multiple truststore files used in API Gateway are successfully imported into Microgateway at startup and used across different SSL configurations. You can copy the truststore configurations from API Gateway including the passwords to these files during the Microgateway instance creation. These password files and truststore configurations are loaded during Microgateway startup.
Microgateway works with one single truststore for all purposes. You can manage this truststore with an entry in config/system-settings.yml, similar to the keystore definition:
By default, Microgateway does not use any particular truststore for communication. In such a case, the default cacerts are located in the Microgateway JVM.
API Gateways may have more than one truststore defined. If the API Gateway instance from where the truststore is imported has multiple truststores, then specify multiple truststore names (and passwords) to import them from respective truststores.
You can also use the import_truststore parameter within createDockerFile, where the truststore used within the image is prepared with importing certificates. The resulting truststore is targeted in the folder for creating the docker image: .../Microgateway/tmp-docker/truststore.jks
To import the truststore configuration from an
API Gateway instance
1. You can perform one of the following based on your requirement:
To create a new
Microgateway instance and import the default truststore from
API Gateway, run the following command:
./microgateway.sh createInstance -gwd c:/SoftwareAGapigw
-itf name -itp pwd
Where the name is set to "." . In this case the API Gateway default trust store platform_truststore.jks is imported.
For example, if you want to import the default truststore, run the following command:
microgateway createInstance -gwd c:/SoftwareAGapigw -itf default -itp manage
Where the default truststore is default and password is manage.
To start the
Microgateway server and import certificates from multiple truststores configured and available in c:/SoftwareAGapigw/common/conf/mytrust/my_truststore_file.jks, run the following command:
./microgateway.sh start -c config.yml -gwd c:/SoftwareAGapigw
-itf name[,name...]
-itp pwd[,pwd...]
Where, the name argument is the truststore name of the user-configured trust store.
Microgateway reads all the certificates from the API Gateway truststore(s) and saves them to the Microgateway truststore. If a certificate being imported is already present in the Microgateway truststore, then it gets overwritten.
For example, if you want to import certificates from two user-configured truststores from c:/SoftwareAGapigw/common/conf/mytrust/my_truststore_file.jks, run the following command:
./microgateway.sh start -c config.yml -gwd c:/SoftwareAGapigw -itf mytrust,mytrust2
-itp mytrustpwd,mytrustpwd2
To create a Docker file by importing truststore data from
API Gateway, run the following command:
./microgateway.sh createDockerFile -c config.yml -dod . -gwd c:/SoftwareAGapigw
-itf - -itp manage
Here, - denotes that you are importing the default truststore and the truststore is updated in .../Microgateway/tmp-docker/truststore.jks