Running WSO2 IS on Port 443

0
votes

I'm trying to run WSO2 IS on Port 443. Everything was originally configured to run on 9443, however, our SSL is enabled on port 443.

So I set WSO2 IS to run on Port 443 but I'm getting an HTTP Error 404.

The description being "The resource you are looking for has been removed, had its named changed or is temporarily unavailable."

SAML-SSO is configured on my WSO2-IS service, so it should do the Single Sign In process for :443/samlsso. But for some reason, it's reading in /samlsso as a directory.

Everything in my WSO2 configs are configured for port 443. (Axis2.xml, catalina-server.xml, authenticators.xml, identity.xml.)

Could this be an issue with my SSL? I'm not sure which steps to take but someone assumed I should follow https://docs.wso2.com/display/IS510/Creating+New+Keystores OR https://docs.wso2.com/display/IS530/Enabling+Mutual+SSL to enable trust with my server's SSL.

1
ssliiswso2
Are you really running the WSO2IS on 443? I mean - doesn't the WSO2IS run on 9443 and you use a reverse proxy? (this is IMHO more proper setup). Does your reverse-proxy trust the SSL certificate of the WSO2IS? - gusto2
Hey @gusto2 I've missed you. Yeah, it was meant to be a workaround due to some issues but yeah we were able to open 9443 up. By reverse-proxy, do you mean setting proxyPort="443" in catalina-server.xml? I'm hoping I can get the SSL trust to work though I don't think it will do it automatically (I'm not sure) because our SSL is enabled on port 443. - SaltySea
I've received a 404 error ("Directory or file not found") after running WSO2-IS on port 9443. - SaltySea
My question was - does the 404 response comes from WSO2IS itself or from the reverse proxy? (I'd guess the later) - gusto2
After configuring some stuff, it is able to run on port 9443 but there's a "certificate invalid" prompt. If I apply the reverse proxy (proxyPort="443") then I will get the 404 response. I'm assuming I'll need to set up trust with the server's certificate. - SaltySea

1 Answers

1
votes

I was able to configure trust between my server's certificate and WSO2 after following the guide. You must change keystore names within WSO2 files (carbon.xml, axis2.xml, etc.) after creating your new keystore for your server's certificate. Make sure to include intermediary certificates as well.