When is this certificate used
This certificate is used to validate the signatures of signed requests sent from the application (service provider) to the Identity Server. Therefore, the certificate is used in the scenarios below:
Format of the certificate
WSO2 IS expects the certificate to be in PEM format.
PEM is a Base64-encoded format, so it contains only ASCII characters and is easier to handle than a binary-encoded certificate.
How to obtain the PEM encoded certificate
The PEM content of a certificate in a JKS file can be obtained by following the steps below:
1. Export the certificate from the keystore. The exported certificate will be in binary format.
keytool -export -keystore <keystore-path> -alias <alias-of-the-certificate> -file <path-of-the-expected-certificate-file>
e.g. keytool -export -keystore wso2carbon.jks -alias wso2carbon -file wso2carbon.crt
2. Convert the above binary-encoded certificate to a PEM-encoded certificate.
openssl x509 -inform der -in <path-of-binary-certificate> -out <path-of-expected-pem-content>
e.g. openssl x509 -inform der -in wso2carbon.crt -out wso2carbon.pem
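Step 2 with checks on the result, as an added example that is not part of the original documentation: it converts the exported certificate, confirms the PEM file holds exactly one certificate and no private key, and confirms its SHA-256 fingerprint matches the exported file. The function names are hypothetical, and openssl is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example: function names are illustrative, not WSO2 tooling.

# Print the SHA-256 fingerprint of a certificate file.
# $1 = file, $2 = encoding of that file (der or pem)
cert_fingerprint() {
    openssl x509 -inform "$2" -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if $1 holds exactly one certificate and no private key.
# Useful on any PEM file before pasting or uploading its content.
pem_is_single_cert() {
    if grep -q 'PRIVATE KEY-----' "$1"; then
        echo "$1 contains a private key; do not upload it" >&2
        return 2
    fi
    # grep -c exits non-zero when the count is 0, hence "|| true".
    count=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$1" || true)
    if [ "$count" -ne 1 ]; then
        echo "$1: expected 1 certificate, found $count" >&2
        return 3
    fi
}

# Convert $1 (binary certificate from step 1) to $2 (PEM), then verify it.
der_to_pem_checked() {
    der=$1
    pem=$2
    openssl x509 -inform der -in "$der" -out "$pem" || {
        echo "conversion failed for $der" >&2
        return 1
    }
    pem_is_single_cert "$pem" || return $?
    # The PEM file must be the same certificate that was exported.
    if [ "$(cert_fingerprint "$der" der)" != "$(cert_fingerprint "$pem" pem)" ]; then
        echo "fingerprint mismatch between $der and $pem" >&2
        return 4
    fi
}

# Usage with the file names from the steps above:
#   der_to_pem_checked wso2carbon.crt wso2carbon.pem
```

The fingerprint printed by `cert_fingerprint wso2carbon.pem pem` can also be compared by eye with the SHA-256 fingerprint that `keytool -list -v` reports for the same alias.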