Follow the guidelines below to deploy Identity Server in production. In addition to this, see Production Deployment Guidelines.
The following changes should be applied on a fresh Identity Server instance. Do not start the Identity Server until the configurations are finalized.
Changing the default keystore
- The private key is used for the HTTPS channel and for the token issuer to sign the issued tokens.
The following section of the
carbon.xml should be updated to match your private key information.
Changing the host name
Change the host names of the Identity Provider to match the "Common Name" of the certificate of the private key.
Changing the HTTP/HTTPS ports
<IS_HOME>/repository/conf/tomcat/catalina-server.xmlfile and change the HTTP and HTTPS ports in the <connector> elements.
After you install WSO2 IS, it is recommended to change the default security settings according to the requirements of your production environment.
- For more information on this area, see Configuring Security that is under the product administration guide.
- For more information on the product administration settings and recommendations, see the Product Administration guide.