However, when I tried to send HTTPS requests through the load balancer, I encountered SSL certificate errors. The reason was that the certificate set up for Nginx when setting up the cluster was not available inside our WSO2 keystores.
As a solution, I imported the server.crt certificate file into the WSO2 keystores and was then able to carry out my intended operations as expected without any certificate trouble. Here is how to do it.
1. Issue the following command, which prints the basic certificate details and then prompts with a question. (It is assumed that both server.crt and wso2carbon.jks are in the same folder; otherwise, give the paths accordingly.)
> keytool -import -file server.crt -alias nginx -keystore wso2carbon.jks -storepass wso2carbon
Owner: EMAILADDRESS=sameera@wso2.com, CN=Sameera, OU=Carbon, O=WSO2, L=Colombo, ST=Western, C=SL
Issuer: EMAILADDRESS=sameera@wso2.com, CN=Sameera, OU=Carbon, O=WSO2, L=Colombo, ST=Western, C=SL
Serial number: 8b1edfc651beb3a3
Valid from: Tue Jun 16 19:40:22 IST 2015 until: Wed Jun 15 19:40:22 IST 2016
Certificate fingerprints:
  MD5: 1C:50:BB:9A:A1:01:49:D9:19:D2:BC:60:8F:6A:9A:11
  SHA1: 75:5D:B8:1B:F7:9F:05:46:BC:07:BA:C2:0E:7D:B1:B4:58:17:26:27
  SHA256: 17:C3:73:0E:D7:24:28:E5:FB:FE:A5:C4:C8:D9:A4:07:55:59:BA:55:37:1B:E8:14:12:64:7F:16:7A:A6:C3:C9
  Signature algorithm name: SHA256withRSA
  Version: 1
The question asked is:
Trust this certificate? [no]: yes
2. Type yes as shown above and press Enter. You will get the following response.
Certificate was added to keystore
That's it. :)
To list the imported entry in each keystore:
> keytool -list -alias nginx -keystore client-truststore.jks -storepass wso2carbon -v
> keytool -list -alias nginx -keystore wso2carbon.jks -storepass wso2carbon -v
Sample output:
Alias name: nginx
Creation date: Aug 21, 2015
Entry type: trustedCertEntry
Owner: EMAILADDRESS=user@comp.com, CN=user, OU=Carbon, O=COMP, L=Colombo, ST=Western, C=SL
Issuer: EMAILADDRESS=user@comp.com, CN=user, OU=Carbon, O=COMP, L=Colombo, ST=Western, C=SL
Serial number: 8b1edfc651beb3a3
Valid from: Tue Jun 16 14:10:22 UTC 2015 until: Wed Jun 15 14:10:22 UTC 2016
Certificate fingerprints:
  MD5: 1C:50:BB:9A:A1:01:49:D9:19:D4:BC:60:8F:6A:9A:11
  SHA1: 75:5D:B8:1B:F7:9F:05:46:BC:27:BA:C2:0E:7D:B1:B4:58:17:26:27
  SHA256: 17:C3:73:0E:D7:24:28:E5:FB:FE:A5:C4:C4:D9:A4:07:55:59:BA:55:37:1B:E8:14:12:64:7F:16:7A:A6:C3:C9
  Signature algorithm name: SHA256withRSA
  Version: 1
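
Before answering yes at the "Trust this certificate?" prompt in step 1, the SHA256 fingerprint that keytool prints can be checked against a value obtained separately from the Nginx host. The Python code below is an added example, not part of the original post: it computes the fingerprint of a certificate file in keytool's format and compares it with the expected value. The function names and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_der(data: bytes) -> bytes:
    """Return the DER bytes from the contents of a PEM or raw-DER file."""
    m = PEM_RE.search(data)
    if m is None:
        return data  # no PEM armour found: treat the input as DER already
    return base64.b64decode(b"".join(m.group(1).split()), validate=True)

def keytool_fingerprint(data: bytes) -> str:
    """SHA-256 of the DER encoding, formatted the way keytool prints it."""
    digest = hashlib.sha256(cert_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))

def normalize(fp: str) -> str:
    """Drop colons/whitespace and case so 'AA:BB...' and 'aabb...' compare equal."""
    hexonly = re.sub(r"[:\s]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hexonly):
        raise ValueError("not a SHA-256 fingerprint")
    return hexonly

def safe_to_import(data: bytes, expected_fp: str) -> bool:
    """True only if the file's fingerprint equals the separately obtained one."""
    return hmac.compare_digest(normalize(keytool_fingerprint(data)),
                               normalize(expected_fp))

# Constructed sample input: placeholder bytes in a PEM wrapper,
# not a real certificate. In practice, read server.crt instead.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    # Stands in for the fingerprint read on the Nginx host itself.
    expected = keytool_fingerprint(SAMPLE_DER)
    print("SHA256:", keytool_fingerprint(SAMPLE_PEM))
    print("safe to import:", safe_to_import(SAMPLE_PEM, expected))
```

The same comparison applies to the output of keytool -list -v after the import, since a trustedCertEntry is trusted for every connection that uses that keystore.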