WSO2 Carbon-based products are shipped with a default keystore named wso2carbon.jks, which is stored in the <PRODUCT_HOME>/repository/resources/security directory. This keystore comes with a private/public key pair that is used for all purposes, e.g., for encrypting sensitive information, for communication over SSL and for message encryption/signing purposes in WS-Security. Find out more about how keystores are used in WSO2 products.
However, note that since wso2carbon.jks is available with open source WSO2 products, anyone can have access to the private key of the default keystore. It is therefore recommended to create new keystores when the products are deployed in production environments. You can either use one new keystore for all purposes in your product, or you can create multiple keystores for each purpose. For example, you may use one keystore for encrypting passwords in configuration files, and a separate keystore for all other purposes. Once the new keystores are created as explained below
Before you start creating new keystores and replacing the default keystore configurations with new ones, be sure to
go through the recommendations for setting up keystores in WSO2 products.
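A deployment check for the risk described above, as an added example that is not part of the WSO2 documentation or product code: it flags byte-identical copies of the shipped keystore in the security directory (even if renamed) and configuration lines that still name wso2carbon.jks. The repository/conf location, the reference copy of the default keystore taken from an unmodified distribution, and all sample file contents are assumptions constructed for the example.

```python
import hashlib
import os
import tempfile

DEFAULT_NAME = "wso2carbon.jks"                                      # from the page
SECURITY_DIR = os.path.join("repository", "resources", "security")   # from the page
CONF_DIR = os.path.join("repository", "conf")                        # assumption

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def audit(product_home, reference_default):
    """Return sorted findings as (kind, path relative to product_home, line_no)."""
    findings, default_hash = [], sha256_file(reference_default)
    sec = os.path.join(product_home, SECURITY_DIR)
    # 1. Unmodified copies of the shipped keystore, whatever they are named.
    #    A copy re-saved with a new password still holds the public private
    #    key but hashes differently, so compare key fingerprints for that case.
    for name in sorted(os.listdir(sec)):
        path = os.path.join(sec, name)
        if os.path.isfile(path) and sha256_file(path) == default_hash:
            findings.append(("default-keystore", os.path.relpath(path, product_home), 0))
    # 2. Configuration lines that still point at the default file name.
    for root, _dirs, files in os.walk(os.path.join(product_home, CONF_DIR)):
        for name in sorted(files):
            path = os.path.join(root, name)
            with open(path, encoding="utf-8", errors="replace") as f:
                for no, line in enumerate(f, 1):
                    if DEFAULT_NAME in line:
                        findings.append(("config-reference", os.path.relpath(path, product_home), no))
    return sorted(findings)

def demo():
    """Audit a constructed product tree; every file below is made-up sample data."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "product")
        ref = os.path.join(tmp, "reference-" + DEFAULT_NAME)
        files = {
            ref: b"constructed default keystore bytes",
            os.path.join(home, SECURITY_DIR, "renamed.jks"): b"constructed default keystore bytes",
            os.path.join(home, SECURITY_DIR, "newkeystore.jks"): b"constructed new keystore bytes",
            os.path.join(home, CONF_DIR, "sample.xml"):
                b"<KeyStore>\n  <Location>security/wso2carbon.jks</Location>\n</KeyStore>\n",
        }
        for path, data in files.items():
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        return audit(home, ref)

if __name__ == "__main__": print(*demo(), sep="\n")
```

An empty result means no unmodified default keystore file and no configuration reference to its file name were found; it does not prove the default key pair is absent from a re-saved keystore.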
Let's start creating a new keystore:
If you are creating a new keystore for data encryption, be sure to acquire a public key certificate that contains the Data Encipherment key usage. See the keystore recommendations for more information.
Creating a keystore using an existing certificate
Note that we are using the default client-truststore.jks file in your WSO2 product as the trust store.
To add the public key of the signed certificate to the client trust store in order to use SSL for backend communication.