All docs This doc
Skip to end of metadata
Go to start of metadata

Once you have created a new key store and updated the <SP_HOME>/resources/security/client-truststore.jks file, you must update the <SP_HOME>/conf/<PROFILE/deployment.yaml file for each WSO2 SP profile to make that keystore work for the required functions. Keystores are used for multiple functions in WSO2 SP including securing the servlet transport, databridge communication, encrypting confidential information in configuration files etc.

  • The wso2carbon.jks keystore file, which is shipped with WSO2 SP, is used as the default keystore for all functions. However, in a production environment, it is recommended to create new keystores with keys and certificates because WSO2 SP is an opensource product, and anyone who downloads it has access to the default keystore.
  • To find all the functions that require a keystore, you can search for .jks in the deployment.yaml file.

 e.g., If you want to secure the listener configured for WSO2 SP using a keystore, you can enter details relating to the keystore as shown below. In this examples, the details of the default kety

id: "default"
host: ""
port: 9390
id: "msf4j-https"
host: ""
port: 9743
scheme: https
keyStoreFile: "${carbon.home}/resources/security/wso2carbon.jks"
keyStorePassword: wso2carbon
certPass: wso2carbon

keyStoreFile The path to the keystore file.
keyStorePassword The password with which the keystore can be accessed.
certPass The alias of the public certificate issued by the certification authority.

  • No labels