This documentation is for WSO2 Application Server version 5.0.0. View documentation for the latest release.

Skip to end of metadata
Go to start of metadata

WSO2 Carbon keystore management provides the facility to manage multiple keystores. This functionality is bundled with the security management feature:

Name: WSO2 Carbon - Security Management Feature

Follow the instructions below to add a new Key store to a running Carbon instance.

1. Log on to the product's Management Console select "Configure -> Key Stores."

2. The "Key Store Management" page appears. Click on the "Add New Key store" link.

3. Locate the Key store file you want to add in the "Add New Key store" page. Specify the "Key store Password," which points to the password required to access the private key.

For example,

4. Select "Key store Type" from the drop-down menu.

WSO2 Carbon supports two types of Keystores.

  • JKS (Java Key Store) : It can read and store key entries and certificate entries. However, the key entries can store only private keys.
  • PKCS12 (Public Key Cryptography Standards) : You can read a keystore in this format and can export the information from that keystore, but you cannot modify the keystore. This is used to import the certificates from different browsers into your Java keystore.

5. Click "Next."

6. In the next page, provide "Private Key Password" and click "Finish."


Key store management functionality does not let you import an existing private key for which you already have a certificate.


The default wso2carbon.jks Key store cannot be deleted.


Currently it is required to have same password for both keystore and private key. This is due to a tomcat limitation.

  • No labels