The default keystore that is shipped with your WSO2 product (i.e. wso2carbon.jks) is assumed to be the keystore used for encrypting plain text passwords. See how you can set up and configure new keystores for encrypting plain text passwords.
If you have encrypted passwords as explained above, note that these passwords have to be decrypted again for the server to be usable. That is, the passwords have to be resolved by a system administrator during server startup.