This documentation is for WSO2 Carbon 4.2.0. View documentation for the latest release.
Page Comparison - Creating New Keystores (v.18 vs v.19) - Carbon 4.2.0 - WSO2 Documentation

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

WSO2 Carbon-based products are shipped with a default  keystore default keystore named  wso2carbon.jks , which is stored in the  <PRODUCT_HOME>/repository/resources/security  directory. This keystore comes with a private/public key pair that is used to encrypt for all purposes, e.g., for encrypting sensitive information, for communication over SSL and for encryption/signature purposes in WS-Security. Find out more about how keystores are used in WSO2 products.

However, note that since  wso2carbon.jks  is available with open source WSO2 products, anyone can have access to the private key of the default keystore.   It is therefore recommended to replace this with a keystore that has self-signed or CA signed certificates when create new keystores when the products are deployed in production environments. Once the default keystore is replaced with a new one You can either use one new keystore for all purposes in your product, or you can create multiple keystores for each purpose. For example, you may use one keystore for encrypting passwords in configuration files, and a separate keystore for all other purposes. Once the new keystores are created as explained below, be sure to update the relevant configuration files.

Table of Contents


What's next?

Once you have replaced the default created a new keystore in your product as explained above, update the relevant configuration files as explained in Configuring Keystores in WSO2 Products.