Nav

HTTPS Reference

When deploying to the CloudHub, you can perform an automatic deployment only if you use an HTTP listener that doesn’t enable HTTPS. To use HTTPS with the client app on CloudHub, in the Configure Endpoint dialog, you select HTTPS as a scheme on the dropdown menu. You download the proxy and modify the proxy to include an HTTPS Configuration element with HTTPS credentials. Include the following lines of code into your proxy’s proxy.xml file, include this outside any of the flows:


         
      
1
2
3
4
5
6
<http:listener-config name="https-lc-0.0.0.0-8082" host="0.0.0.0" port="8082" protocol="HTTPS">
    <tls:context name="tls-context-config">
       <tls:key-store path="[replace_with_path_to_keystore_file]" password="[replace_with_store_password]"
             keyPassword="[replace_with_key_password]"/>
    </tls:context>
</http:listener-config>

Replace the placeholders with the actual path and passwords of the keystore. Verify that the  http:listener element in the flow is correctly referencing this new configuration element you just added.

config-ref="https-lc-0.0.0.0-8082"

HTTPS with an API

In Configure Endpoint, provide an implementation URI to an HTTPS address. Specifying an HTTPS address modifies the proxy to support HTTPS. By default, the proxy signs requests using the default HTTPS credentials of the JVM.

If you want to include other HTTPS credentials, download the proxy and modify it accordingly. If you plan to import your proxy application into Studio 6.x or later, you can configure the endpoint to link the application to a domain or not. When importing your proxy application into Studio 5.x, your project is linked to a domain project named api-gateway, which is automatically created in studio if not already present. This domain project is identical to the domain that exists in CloudHub and in your default API Gateway On-Premises. It’s necessary for being able to deploy your app to the Anypoint Studio server under the same conditions as those present when you deploy the app to production. If you modify your domain on the On-Premises installation to include HTTPS credentials, replicate those changes on the domain that exists in Studio to match deployment conditions.

Modify the http:request-config element in the proxy.xml file of the proxy to include TLS configuration elements that point to the required truststore/keystore.