This documentation is for WSO2 API Manager 2.0.0.
Page Comparison - Configuring Keystores in WSO2 API Manager (v.1 vs v.2) - API Manager 2.0.0 - WSO2 Documentation

Info

For instructions on the default carbon keystore configurations, see Configuring Keystores in WSO2 Products in the WSO2 Product Administration Guide.

 

 

 

Follow the steps below to configure a keystore in WSO2 API Manager.

Configuring keystores for AMQP and MQTT transports

To configure AMQP and MQTT transports, open <API-M_HOME>/repository/conf/broker.xml and update the values of the location and password parameters under keyStore and trustStore. The code below shows the default values.

Code Block
<sslConnection enabled="true" port="8672">
    <keyStore>
        <location>repository/resources/security/wso2carbon.jks</location>
        <password>wso2carbon</password>
    </keyStore>
    <trustStore>
        <location>repository/resources/security/client-truststore.jks</location>
        <password>wso2carbon</password>
    </trustStore>
</sslConnection>


Configuring keystores for Jaggery Apps SSO configuration

Open <API-M_HOME>/repository/deployment/server/jaggeryapps/publisher/site/conf/site.json. Update the values for keyStoreName and keyStorePassword as shown below.

Code Block
"ssoConfiguration" : {
    "enabled" : "true",
    "issuer" : "API_PUBLISHER",
    "identityProviderURL" : "https://localhost:9444/samlsso",
    "keyStorePassword" : "wso2carbon",
    "identityAlias" : "wso2carbon",
    "responseSigningEnabled" : "true",
    "assertionSigningEnabled" : "true",
    "keyStoreName" : "wso2carbon.jks"
},

 

Configuring keystores for endpoints

Open <API-M_HOME>/repository/conf/identity/EndpointConfig.properties and update client.keyStore and client.trustStore with the location of the keystore and truststore, respectively. The default configurations are shown below.

Code Block
tenantListEnabled=false
hostname.verification.enabled=true
mutual.ssl.username=admin
client.keyStore=./repository/resources/security/wso2carbon.jks
Carbon.Security.KeyStore.Password=wso2carbon
client.trustStore=./repository/resources/security/client-truststore.jks
Carbon.Security.TrustStore.Password=wso2carbon
#identity.server.serviceURL=https://localhost:9443/services/
username.header=UserName
key.manager.type=SunX509
trust.manager.type=SunX509
tls.protocol=TLSv1.2
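
An added example, not part of the WSO2 documentation: a Python check that flags the default values shown in the three snippets above (the wso2carbon password and the wso2carbon.jks keystore that ships with the product) when they are still present in a deployment's files. It assumes broker.xml uses no XML namespaces and that site.json parses as strict JSON; the function names and the sample values are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET

DEFAULT_PASSWORD = "wso2carbon"   # default value shown in the snippets on this page
DEFAULT_KEYSTORE = "wso2carbon.jks"

def audit_broker_xml(text):
    findings = []
    for conn in ET.fromstring(text).iter("sslConnection"):
        for store in ("keyStore", "trustStore"):
            node = conn.find(store)
            if node is None:
                continue
            if (node.findtext("password") or "").strip() == DEFAULT_PASSWORD:
                findings.append(f"broker.xml {store}: default password")
            if (node.findtext("location") or "").strip().endswith(DEFAULT_KEYSTORE):
                findings.append(f"broker.xml {store}: default keystore file")
    return findings

def audit_site_json(text):
    sso = json.loads(text).get("ssoConfiguration", {})
    findings = []
    if sso.get("keyStorePassword") == DEFAULT_PASSWORD:
        findings.append("site.json: default keyStorePassword")
    if sso.get("keyStoreName") == DEFAULT_KEYSTORE:
        findings.append("site.json: default keyStoreName")
    return findings

def audit_endpoint_properties(text):
    # Minimal key=value parser: skips blank lines and '#' comments.
    props = dict(l.split("=", 1) for l in map(str.strip, text.splitlines())
                 if l and not l.startswith("#") and "=" in l)
    findings = [f"EndpointConfig.properties: default {k}"
                for k in ("Carbon.Security.KeyStore.Password",
                          "Carbon.Security.TrustStore.Password")
                if props.get(k) == DEFAULT_PASSWORD]
    if props.get("client.keyStore", "").endswith(DEFAULT_KEYSTORE):
        findings.append("EndpointConfig.properties: default client.keyStore file")
    return findings

# Constructed sample: one default value and one changed value, to show both outcomes.
SAMPLE_PROPS = """client.keyStore=./repository/resources/security/apim-prod.jks
Carbon.Security.KeyStore.Password=wso2carbon
#Carbon.Security.TrustStore.Password=wso2carbon
Carbon.Security.TrustStore.Password=example-changed-value
"""

if __name__ == "__main__":
    for finding in audit_endpoint_properties(SAMPLE_PROPS):
        print(finding)
```

An empty list from all three functions means none of the defaults shown on this page remain in the checked files.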


Configuring keystores for advanced transport handling

For more advanced transport handling with keystores, update the <API-M_HOME>/repository/conf/tomcat/catalina-server.xml file and the <API-M_HOME>/repository/conf/axis2/axis2.xml file.