This documentation is for WSO2 Carbon 4.2.0. View documentation for the latest release.
Page Comparison - Configuring Keystores in WSO2 Products (v.64 vs v.65) - Carbon 4.2.0 - WSO2 Documentation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
keystore "file:${user.dir}/repository/resources/security/wso2carbon.jks", "JKS";

Configuring Secure Vault for password encryption

All passwords in configuration files are made secure by encrypting them using cipher text. When a password is encrypted, a keystore is required for creating the decryption crypto to resolve encrypted secret values. The secret-conf.properties file, stored in the <PRODUCT_HOME>/repository/conf/security/ directory is used for this purpose. Therefore, you must update this file with the relevant keystore information.

Code Block
languagetext
##KeyStores configurations
#
#keystore.identity.location=repository/resources/security/wso2carbon.jks
#keystore.identity.type=JKS
#keystore.identity.alias=wso2carbon
#keystore.identity.store.password=wso2carbon
##keystore.identity.store.secretProvider=<any implementation of org.apache.synapse.commons.security.secret.SecretCallbackHandler>
#keystore.identity.key.password=wso2carbon
##keystore.identity.key.secretProvider=<any implementation of org.apache.synapse.commons.security.secret.SecretCallbackHandler>
##keystore.identity.parameters=enableHostnameVerifier=false;keyStoreCertificateFilePath=/home/esb.cer
#
#keystore.trust.location=repository/resources/security/client-truststore.jks
#keystore.trust.type=JKS
#keystore.trust.alias=wso2carbon
#keystore.trust.store.password=wso2carbon
##keystore.trust.store.secretProvider=<any implementation of org.apache.synapse.commons.security.secret.SecretCallbackHandler>
Excerpt
hiddentrue

NOTE to WRITERS: The following section can be used to list down product specific configuration files that use keystores. For example in BAM:

  Product-specific configurations

  • Make the following changes in the <PRODUCT_HOME>/repository/conf/identity.xml file.

    Code Block
    languagexml
    <Security>
    	<UserTrustedRPStore>
    			<!-- Keystore password -->
    			<Password>wso2carbon</Password>
    			<!-- Private Key password -->
    			<KeyPassword>wso2carbon</KeyPassword>
    	</UserTrustedRPStore>
    </Security>
    <EntitlementSettings>
    ...
    	<ThirftBasedEntitlementConfig>
    ...
    		<KeyStore>
    			<Location>${carbon.home}/repository/resources/security/<jks name>.jks</Location>
    			<Password><jks store password></Password>
    		</KeyStore>
    	</ThirftBasedEntitlementConfig>
    </EntitlementSettings>
  • If you want to use NIO sender, change the  <transportSender> section in the <PRODUCT_HOME>/repository/conf/axis2/axis2.xml file accordingly as shown below.

    Code Block
    languagexml
    <transportSender name="https" class="org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender">
            <parameter name="non-blocking" locked="false">true</parameter>
            <parameter name="keystore" locked="false">
                <KeyStore>
                    <Location>repository/resources/security/wso2carbon.jks</Location>
                    <Type>JKS</Type>
                    <Password>wso2carbon</Password>
                    <KeyPassword>wso2carbon</KeyPassword>
                </KeyStore>
            </parameter>
            <parameter name="truststore" locked="false">
                <TrustStore>
                    <Location>repository/resources/security/client-truststore.jks</Location>
                    <Type>JKS</Type>
                    <Password>wso2carbon</Password>
                </TrustStore>
            </parameter>
    </transportSender>