(1) There isn't anything to be done with dev studio. You need to import the backend's certificate to the trust store of the WSO2 server.
(2) You can create a proxy service and call the secured backend. Since your backend is secured by UT policy, you have to construct a username token when calling it. We can use a class mediator to construct and set a username token.
More details can be found at : http://xacmlinfo.org/2014/03/25/how-to-esb-invoking-username-token-secured-backend-service/
Following is the simplified version of the class mediator.
public class UTTokenBuilder extends AbstractMediator{
@Override
public boolean mediate(MessageContext messageContext) {
try {
org.apache.axis2.context.MessageContext context = ((Axis2MessageContext) messageContext)
.getAxis2MessageContext();
context.getOptions().setUserName("admin");
context.getOptions().setPassword("admin");
return true;
} catch (SynapseException e) {
throw e;
} catch (Exception e) {
throw new SynapseException("Error while building UT Token");
}
}
}
And following is the sample proxy to call the secured backend.
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="sec2"
startOnLoad="true"
statistics="disable"
trace="disable"
transports="http,https">
<target>
<inSequence>
<class name="org.soasecurity.wssecurity.ut.mediator.UTTokenBuilder"/>
<call>
<endpoint>
<address uri="https://localhost:8243/services/secTestProxy">
<enableSec policy="conf:/UTPolicy.xml"/>
</address>
</endpoint>
</call>
<respond/>
</inSequence>
</target>
<description/>
</proxy>
Please note I've used an address endpoint for simplicity.