
Default keystore settings in WSO2 products

WSO2 SP is shipped with the following default keystore files stored in the <SP_HOME>/resources/security/ directory.

  • wso2carbon.jks: This keystore contains a key pair and is used by default in your SP servers for all of the purposes explained above, except protecting sensitive information via the Cipher tool.
  • securevault.jks: This is the default keystore used by the secure vault to protect sensitive information via the Cipher tool.
  • client-truststore.jks: This is the default trust store, which contains the trusted certificates of the keystore used in SSL communication.

By default, the following files of each SP profile refer to these keystores:

  • <SP_HOME>/wso2/<PROFILE>/bin/carbon.sh file

    This script is run when you start an SP server. It contains the following parameters, and by default refers to two of the files listed above (wso2carbon.jks and client-truststore.jks).

    | Parameter | Default Value | Description |
    |---|---|---|
    | keyStore | "$CARBON_HOME/resources/security/wso2carbon.jks" \ | This specifies the path to the keystore to be used when running the SP server on a secure network. |
    | keyStorePassword | "wso2carbon" \ | The password to access the keystore. |
    | trustStore | "$CARBON_HOME/resources/security/client-truststore.jks" \ | This specifies the path to the trust store to be used when running the server on a secure network. |
    | trustStorePassword | "wso2carbon" \ | The password to access the trust store. |
  • <SP_HOME>/conf/<PROFILE>/deployment.yaml file refers to the above keystore and trust store by default for the following configurations:
    • Listener configurations
      This specifies the key store to be used when WSO2 SP is receiving events via a secure network and the password to access the key store.
    • Databridge configurations
      This specifies the key store to be used when WSO2 SP is publishing events via databridge using a secure network, and the password to access the key store.
    • Secure vault configurations
      This specifies the key store to be used when you are configuring a secure vault to protect sensitive information.

...

You can view the default keystores and truststores in the <SP_HOME>/resources/security/ directory. Once you create your own keystore, you can delete the default keystores, but you need to ensure that they are no longer referenced in any SP profile in the <SP_HOME>/wso2/<PROFILE>/bin/carbon.sh file or the <SP_HOME>/conf/<PROFILE>/deployment.yaml file.
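
The check described in the paragraph above, as an added example that is not part of the WSO2 documentation: it scans every profile's carbon.sh and deployment.yaml for the default keystore file names and the default password listed on this page. The sample tree, the profile names (worker, editor), the JVM property names and the YAML key are constructed assumptions.

```shell
#!/bin/sh
# Added example (not WSO2 code): find leftover references to the default
# keystores and default password named on this page.
DEFAULT_REFS='(wso2carbon|securevault|client-truststore)\.jks'
DEFAULT_PASS='[Pp]ass[A-Za-z]*[=:] *"?wso2carbon"?([^A-Za-z0-9._-]|$)'

# audit_default_keystores <SP_HOME>
# Prints file:line:text for each hit in every profile's carbon.sh and
# deployment.yaml. Returns 1 if a default is still referenced, else 0.
audit_default_keystores() {
    sp_home=$1
    hits=0
    for f in "$sp_home"/wso2/*/bin/carbon.sh "$sp_home"/conf/*/deployment.yaml; do
        [ -f "$f" ] || continue   # glob matched nothing for this profile
        # /dev/null as a second operand forces the file name into the output
        if grep -nE "$DEFAULT_REFS|$DEFAULT_PASS" "$f" /dev/null; then
            hits=1
        fi
    done
    return "$hits"
}

# make_sample_sp_home <dir>: constructed sample tree, not real WSO2 files.
# The profile names, JVM property names and YAML key are assumptions.
make_sample_sp_home() {
    mkdir -p "$1/wso2/worker/bin" "$1/conf/worker" "$1/conf/editor"
    cat > "$1/wso2/worker/bin/carbon.sh" <<'EOF'
    -Djavax.net.ssl.keyStore="$CARBON_HOME/resources/security/wso2carbon.jks" \
    -Djavax.net.ssl.keyStorePassword="wso2carbon" \
    -Djavax.net.ssl.trustStore="$CARBON_HOME/resources/security/client-truststore.jks" \
    -Djavax.net.ssl.trustStorePassword="wso2carbon" \
EOF
    echo 'keyStoreFile: "${carbon.home}/resources/security/securevault.jks"' \
        > "$1/conf/worker/deployment.yaml"
    echo 'keyStoreFile: "/etc/sp/keys/example-sp.jks"' \
        > "$1/conf/editor/deployment.yaml"
}

# Demo: the worker profile still uses the defaults, the editor profile does not.
demo_dir=$(mktemp -d)
make_sample_sp_home "$demo_dir"
audit_default_keystores "$demo_dir" || echo "default keystore settings still in use"
rm -rf "$demo_dir"
```

Run audit_default_keystores against the real <SP_HOME> before deleting the default .jks files; a return status of 0 means none of the scanned files still points at them.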