Once you have created a new keystore and updated the
<SP_HOME>/resources/security/client-truststore.jks file, you must update the
<SP_HOME>/conf/<PROFILE>/deployment.yaml file for each WSO2 SP profile so that the new keystore is used for the required functions. Keystores are used for multiple functions in WSO2 SP, including securing the servlet transport, databridge communication, and encrypting confidential information in configuration files.
The wso2carbon.jks keystore file, which is shipped with WSO2 SP, is used as the default keystore for all functions. However, in a production environment, it is recommended to create new keystores with keys and certificates because WSO2 SP is an open source product, and anyone who downloads it has access to the default keystore.
- To find all the functions that require a keystore, you can search for
e.g., if you want to secure the listener configured for WSO2 SP using a keystore, you can enter details relating to the keystore as shown below. In this example, the details of the default kety
| ||The path to the keystore file.|
| ||The password with which the keystore can be accessed.|
| ||The alias of the public certificate issued by the certification authority.|
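
The default keystore is only out of use once no profile's deployment.yaml names it any more. The following check is an added example, not part of the WSO2 documentation: it scans <SP_HOME>/conf/<PROFILE>/deployment.yaml for every profile and lists the non-comment lines that still mention wso2carbon.jks. The function names, the sample tree, and the keys and paths inside it are constructed for illustration.

```shell
#!/bin/sh
# Added example: list deployment.yaml lines that still name the default keystore.
DEFAULT_KEYSTORE='wso2carbon.jks'

# audit_keystore_refs SP_HOME
# Prints "<profile>:<line number>:<line>" for each non-comment line in
# SP_HOME/conf/<PROFILE>/deployment.yaml that mentions the default keystore.
# Returns 0 if none is left, 1 if any is found, 2 if no deployment.yaml exists.
audit_keystore_refs() {
    seen=0
    hits=0
    for file in "$1"/conf/*/deployment.yaml; do
        [ -f "$file" ] || continue
        seen=1
        profile=$(basename "$(dirname "$file")")
        # Commented-out YAML lines are skipped: they configure nothing.
        found=$(awk -v p="$profile" -v ks="$DEFAULT_KEYSTORE" '
            /^[ \t]*#/    { next }
            index($0, ks) { sub(/^[ \t]+/, ""); print p ":" NR ":" $0 }
        ' "$file")
        if [ -n "$found" ]; then
            printf '%s\n' "$found"
            hits=1
        fi
    done
    [ "$seen" -eq 1 ] || return 2
    [ "$hits" -eq 0 ]
}

# Constructed sample tree (keys, paths and file names are made up for the demo).
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/conf/worker" "$root/conf/dashboard"
    printf '%s\n' 'listenerConfigurations:' \
        '  # keyStoreFile: /opt/sp/resources/security/wso2carbon.jks' \
        '  keyStoreFile: /opt/sp/resources/security/wso2carbon.jks' \
        > "$root/conf/worker/deployment.yaml"
    printf '%s\n' 'listenerConfigurations:' \
        '  keyStoreFile: /opt/sp/resources/security/sp-prod.jks' \
        > "$root/conf/dashboard/deployment.yaml"
    echo "$root"
}

sample=$(make_sample)
audit_keystore_refs "$sample" || echo "default keystore still referenced (status $?)"
rm -rf "$sample"
```

Run against a real installation by calling `audit_keystore_refs "$SP_HOME"`; a non-zero status makes it usable as a deployment gate.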