I am using WSO2 APIM 2.6.0 with the default configuration (H2 databases and other default settings). I have been a user of APIM 2.5.0 and things are working fine there.
But we had a requirement to install the SSL certificate of the backend server of the APIs which I create in APIM 2.5.0.
On reading the documentation [https://docs.wso2.com/display/AM260/Dynamic+SSL+Certificate+Installation] and [https://docs.wso2.com/display/AM260/RESTful+APIs], I understand that 2.6.0 has the ability to add a new SSL certificate to the APIM client truststore using the REST API.
I have tested this and it seems to be working fine (adding a certificate using the REST API). Once you add the certificate, it seems that it has to be loaded in the gateway nodes, which happens every 10 mins (by default; it can be changed as required in the axis2.xml file).
But even after adding the certificate to the client truststore, when I click the endpoint TEST button in API Publisher it says 'Invalid Endpoint.' The certificate does not seem to get loaded, even though there are logs like the ones below:
TID: [-1234] [] [2019-09-18 14:44:51,302] INFO {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - Certificate is successfully added to the Publisher client Trust Store with Alias 'devcertificate' {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl}
TID: [-1234] [] [2019-09-18 14:44:51,341] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - '[email protected] [-1234]' logged in at [2019-09-18 14:44:51,341+0000] {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
TID: [-1234] [] [2019-09-18 14:44:51,365] INFO {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - The Alias 'devcertificate' exists in the Gateway Trust Store. {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl}
TID: [-1234] [] [2019-09-18 14:44:51,365] INFO {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - The Transport Sender will be re-initialized in few minutes. {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl}
TID: [-1234] [] [2019-09-18 14:44:51,365] INFO {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - The certificate with Alias 'devcertificate' is successfully added to the Gateway Trust Store. {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl}
TID: [-1] [] [2019-09-18 14:49:12,582] INFO {org.wso2.andes.kernel.disruptor.inbound.InboundDBSyncRequestEvent} - Running DB sync task. {org.wso2.andes.kernel.disruptor.inbound.InboundDBSyncRequestEvent}
TID: [-1] [] [2019-09-18 14:53:28,348] INFO {org.apache.synapse.transport.passthru.PassThroughHttpSSLSender} - PassThroughHttpSender reloading SSL Config.. {org.apache.synapse.transport.passthru.PassThroughHttpSSLSender}
TID: [-1] [] [2019-09-18 14:53:28,352] INFO {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder} - customSSLProfiles configuration is loaded from path: /opt/new/test/apim/fresh/usr/lib/wso2/wso2am/2.6.0/repository/resources/security/sslprofiles.xml {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder}
TID: [-1] [] [2019-09-18 14:53:28,352] INFO {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder} - HTTPS Loading custom SSL profiles for the HTTPS sender {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder}
TID: [-1] [] [2019-09-18 14:53:28,358] INFO {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder} - HTTPS Custom SSL profiles initialized for 1 servers {org.apache.synapse.transport.nhttp.config.ClientConnFactoryBuilder}
TID: [-1] [] [2019-09-18 14:53:28,358] INFO {org.apache.synapse.transport.passthru.PassThroughHttpSSLSender} - Pass-through HTTPS Sender updated with Dynamic Configuration Updates ... {org.apache.synapse.transport.passthru.PassThroughHttpSSLSender}
So, my question here is: do we have to restart the server for the certificates added to the client truststore to take effect? Or, as per the documentation, is the certificate reflected after 10 mins once it is loaded in the gateway node, without restarting the server, so that communication with the backend server can be done? Am I missing anything here?
Can someone please help me with this?
Thanks
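
One way to check from the carbon log whether a sender reload has been logged since each certificate was added. This is an added example, not part of the original post and not WSO2 code; the sample log is constructed from the lines quoted above, and the 'othercert' entry and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the carbon log format quoted in the post.
# The 'othercert' line is hypothetical, added to show a still-pending alias.
SAMPLE_LOG = """\
TID: [-1234] [] [2019-09-18 14:44:51,365] INFO {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - The certificate with Alias 'devcertificate' is successfully added to the Gateway Trust Store.
TID: [-1] [] [2019-09-18 14:49:12,582] INFO {org.wso2.andes.kernel.disruptor.inbound.InboundDBSyncRequestEvent} - Running DB sync task.
TID: [-1] [] [2019-09-18 14:53:28,358] INFO {org.apache.synapse.transport.passthru.PassThroughHttpSSLSender} - Pass-through HTTPS Sender updated with Dynamic Configuration Updates ...
TID: [-1234] [] [2019-09-18 15:01:02,000] INFO {org.wso2.carbon.apimgt.impl.certificatemgt.CertificateManagerImpl} - The certificate with Alias 'othercert' is successfully added to the Gateway Trust Store.
"""

LINE_RE = re.compile(r"\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})\]\s+\w+\s+\{[^}]+\}\s+-\s+(.*)")
ADDED_RE = re.compile(r"Alias '([^']+)' is successfully added to the Gateway Trust Store")
RELOADED = "Pass-through HTTPS Sender updated"


def reload_status(log_text):
    """Return {alias: (added_at, reloaded_at, delay_seconds)}; the last two
    are None while no sender reload has been logged since the alias was added."""
    pending, status = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # stack traces and continuation lines carry no timestamp
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        message = m.group(2)
        added = ADDED_RE.search(message)
        if added:
            pending[added.group(1)] = ts
            status[added.group(1)] = (ts, None, None)
        elif RELOADED in message:
            # A reload entry is paired with every alias added before it.
            for alias, added_at in pending.items():
                status[alias] = (added_at, ts, (ts - added_at).total_seconds())
            pending.clear()
    return status


def not_yet_reloaded(status):
    """Aliases with no sender reload logged after they were added."""
    return sorted(a for a, (_, reloaded_at, _) in status.items() if reloaded_at is None)


if __name__ == "__main__":
    result = reload_status(SAMPLE_LOG)
    for alias, (added_at, reloaded_at, delay) in result.items():
        print(alias, added_at, reloaded_at, delay)
    print("pending:", not_yet_reloaded(result))
```

Against the quoted log, the reload for 'devcertificate' is logged about 517 seconds after the certificate was added, so an endpoint test run after 14:53:28 was made after that reload entry.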