Unknown macro: {search-box}
Child pages
  • Keystores

This documentation is for WSO2 Data Services Server 3.1.0. View the home page of the latest release.

Skip to end of metadata
Go to start of metadata

A keystore works as a repository for security certificates and keys that are stored in a database. A keystore must contain a key pair with a certificate signed by a trusted Certification Authority (CA). A CA is an entity trusted by all parties participating in a secure communication. This entity certifies the trusted party's public keys by signing them. When the CA is a trusted one, all parties trust and accept the public key certificates signed by that particular CA.

Note the following regarding WSO2 keystore management feature:

  • You cannot import an existing private key to which you already have a certificate
  • You cannot delete the default wso2carbon.jks keystore
  • You must have the same password for both keystore and private key, due to a Tomcat limitation
  • You cannot remove a service before disabling its security

You can add and manage multiple keystores using the management console of WSO2 products, as explained in the steps below:

  1. Log in to the product's management console and select sub menu Keystores under the Configure menu.

  2. The Keystore Management page opens. Click Add New Keystore.

  3. In the page that opens, provide the following information:
    • Keystore File : The file where security certificates are stored in order to sign data to be transmitted.
    • Keystore Password : Must give the same password required to access the private key.
    • Provider :
    • Keystore Type : WSO2 supports two types of keystores as follows:
      • JKS (Java Keystore) : You can read and store key entries and certificate entries in this type. Key entries can store only private keys.
      • PKCS12 (Public Key Cryptography Standards) : You can read a keystore in this format and export the information from that keystore, but you cannot modify the keystore. This is used to import the certificates from different browsers into your Java keystore.
    For example,    
  4. Click Next, provide Private Key Password in and Finish.
  • No labels