I have kube config having client-certificate-data and client-key-data, how can I use this in karate to make api calls?
Is there a way to use these pem certificate in karate to configure ssl keystore ?
Any example for doing this ?
Related
To serve https requests in Ktor, their documentation states you need to set some config properties (ktor.security.ssl) in application.conf, such that Ktor can find the ssl certificate. However, I want to retrieve the ssl certificate from another server (via an encrypted connection).
Can I setup my Ktor server in such a way that I retrieve this certificate and enable https on server startup?
If anyone is still wondering about this, the way to do this is to start your Ktor server as an embedded server and supply it with your own ApplicationEngineEnvironment (As a reference you can use the function io.ktor.server.engine.CommandLine.Kt).
In this ApplicationEngineEnvironment you can customize the way the SSL certificate is loaded.
I'm trying to get a SOAP web service set up with Spyne. So far, so good. I have a web service,but not I need to secure the data in-flight with SSL. Is there a way to attach a certificate to the Spyne app so my connection is encrypted?
Thank you!
I've looked at the help guides on Spyne.io and have not found the info I need about SSL.
You need to use either a reverse proxy setup (like nginx) that will terminate the SSL connection outside of the Python process (recommended) or you have to use OpenSSL (or similar) bindings to create an SSL socket for yourself.
You can use twisted's ssl capabilities via the WsgiApplication. Have a look: https://twisted.readthedocs.io/en/twisted-17.9.0/web/howto/using-twistedweb.html
I want to call a third party web service from TIBCO BW6.X via SOAP over HTTPS by using basic authentication.
I can do it with SOAPUI just by adding authorization as a HTTP header with the key (like Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1) and it works fine. But using BW, I have to create an SSL resource with certifcates to use HTTPS.
My question is : Can I connect to a web service using HTTPS URL without SSL/certificates? If yes, then how? else, why can I do it with SOAPUI?
Thanks.
The answer depends on the soap client you are using. Basically you need just ignore the certificate validation as far as i interpret your question.
Example for php:
Disable certificate verification in PHP SoapClient
I have an application installed in tomcat which currently I am running on http.
Also I have used AWS API gateway to expose my application .
I want to implement mutual auth between aws api gateway and my api which we have created .
Is there any document which I can refer.
Also is it possible to implement mutual authentication with AWS API gateway and my api.
This is definitely possible by installing an SSL certificate in Tomcat and using the Client Certificate feature of API Gateway. See http://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side-ssl-authentication.html
The API Gateway server must use a certificate the AWS ACM issues.
The Gateway itself uses another AWS-generated certificate to authenticate with your backend.
Is it possible to use mutual authentication (client SSL certificates) with WSO2 ESB? (I'm not talking about WS-Security.)
I see that it is possible to add custom keystores to the ESB but I could not find any information on how to specify what client key to use when connecting to a specific backend.
Yes. You can enable mutual authentication for ESB proxy service. Here you want to do small configuration to enable mutual authentication for all proxy service . You can edit axis2.xml file and change following property to "require"
<parameter name="SSLVerifyClient">require</parameter>
More details you can find here. However, if you are enabling mutual authentication for given set of proxy services, There is some more to do.. More details you can find here. There was an issue with older release in ESB. therefore you need some patches to install. but with 4.7.0 and 4.8.0 (next release). there have been fixed.
It is actually quite simple to set up mutual SSL authentication between the ESB and a back-end server. This requires configuration of the back-end server as well. Because the ESB serves as a 'client' when initiating a connection with the back-end, the back-end server is responsible for requesting the 'mutual' SSL instead of one-way SSL. See this nice mutual SSL article for reference [1].
In order to successfully use mutual SSL with a back-end server,
Load the back-end server's public certificate into the default
truststore, which is located in: repository/resources/security/client-truststore.jks (That's it!
That's the only change necessary on the WSO2 ESB side.)
Load the public certificate from the WSO2 keystore into the back-end server's
keystore.
Configure the back-end server to request mutual SSL.
If you're using a CA certificate instead of the default self-signed certificate, skip step 2.
Cheers,
Colin
[1] http://www.codeproject.com/Articles/326574/An-Introduction-to-Mutual-SSL-Authentication