After you have created a new keystore and updated the
client-truststore.jks file, you must update a few configuration files in order to make the keystore work the way it is intended to. Note that keystores are used for multiple functions in WSO2 products, which includes securing the servlet transport, encrypting confidential information in configuration files, etc. Therefore, you must update the specific configuration files with the relevant keystore information. For example, you may have separate keystores for the purpose of encrypting passwords in configuration files, and for securing the servlet transport.
The primary keystore mainly stores the keys certifying SSL connections to Carbon servers and the keys for encrypting administrator passwords as well as other confidential information. The
Keystore element in the
carbon.xml file, stored in the <
PRODUCT_HOME>/repository/conf/ directory must be updated with details of the primary keystore. The default configuration is shown below.