Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

ConfigurationDescription
Configuring transport-level security

WSO2 products support a variety of transports that make them capable of receiving and sending messages over a multitude of transport, and application-level protocols. By default, all WSO2 products are shipped with the HTTP transport. The transport receiver implementation of the HTTP transport is available in Carbon platform. The transport sender implementation comes from the Tomcat HTTP connector, which is configured in the <APIM_HOME>/repository/conf/tomcat/catalina-server.xml file.

For more information on securing the HTTP transport, see Configuring transport level security in the WSO2 Carbon documentation.

Configuring keystores

A keystore is a repository that stores the cryptographic keys and certificates. These artifacts are used for encrypting sensitive information, and establishing trust between your server and outside parties that connect to your server.

All WSO2 products come with a default keystore (wso2carbon.jks). In a production environment, it is recommended to replace it with one. You can also configure multiple keystores for different purposes.

See the following in the WSO2 Carbon documentation:

Info

To download a keystore in WSO2 API Manager, do the following:

  1. Log in to https://<hostname>:9443/carbon as the tenant admin and click on Configure.
    Image Added
  2. Select Keystores.
    Image Added
  3. Click Public Key to download the keystore for the selected tenant.
    Image Added
Securing sensitive passwords

As a secure vault implementation is available in all WSO2 products, you can encrypt the sensitive data such as passwords in configuration files using the Cipher tool.

See the following in the WSO2 Carbon documentation:

Also see how to encrypt secure endpoint passwords.

Enabling JAVA security managerSee Enabling JAVA security manager in the WSO2 Carbon documentation on how to prevent untrusted code from manipulating your system. 

...