All docs This doc
Skip to end of metadata
Go to start of metadata

WSO2 ESB uses several keystores to power the HTTPS transport and encrypt other confidential information such as administrator passwords. The keystore of the HTTPS transport is configured in the axis2.xml file under the HTTPS transport receiver and HTTPS transport sender configurations. See Working with Transports.

<parameter name="keystore" locked="false">
	<KeyStore>
		<Location>resources/security/wso2carbon.jks</Location>
		<Type>JKS</Type>
		<Password>wso2carbon</Password>
		<KeyPassword>wso2carbon</KeyPassword>
	</KeyStore>
</parameter>
<parameter name="truststore" locked="false">
	<TrustStore>
		<Location>resources/security/client-truststore.jks</Location>
		<Type>JKS</Type>
		<Password>wso2carbon</Password>
	</TrustStore>
</parameter>

The default keystores can be found in ESB_HOME/repository/resources/security directory. To change the keystores used by the HTTPS transport, update the HTTPS transport receiver and sender configurations by specifying the paths to keystores files and other attributes of the files such as the keystores passwords.

Note

Under the <KeyStore> element two (2) password values must be specified.

The <Password> element should indicate the password of the keystores file.
The <KeyPassword> element should point to the password required to access the private key.

The <KeyPassword> element should not be changed manually if it is not changed by the key tool. However, it can be changed using the following command:

keytool -keypasswd -alias <key_name> -keystore <keystore_name>

 

The keystores used to encrypt administrator passwords and other confidential information in Carbon are configured in ESB_HOME/repository/conf/carbon.xml file. This keystores configuration can be found under the <security> element of the carbon.xml file.

<KeyStore>
	<Location>${carbon.home}/resources/security/wso2carbon.jks</Location>
	<Type>JKS</Type>
	<Password>wso2carbon</Password>
	<KeyAlias>wso2carbon</KeyAlias>
	<KeyPassword>wso2carbon</KeyPassword>
</KeyStore>

Tip

If you change a keystore password, you need to update the following configuration files with the new password for the change to be effective.

  • <PRODUCT_HOME>/repository/conf/carbon.xml
  • <PRODUCT_HOME>/repository/conf/axis2/axis2.xml (In the Transport Ins (Listeners) and Transport Outs (Senders) sections for the relevant transport)
  • No labels