If the directory/file paths specified in this guide do not exist in your WSO2 product, see Directory Structure of WSO2 Products to locate the paths applicable to your product.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Key pairs: According to public-key cryptography, the concept of a key pair (private public key and the corresponding public private key) is used for encrypting protecting sensitive information and for authenticating the identity of external parties that communicate with your server. For example, information that is encrypted in your server using the public key can only be decrypted using the corresponding private key. Therefore, if any party wants to decrypt this encrypted data, they should have the corresponding private key, which is usually kept as a secret (not publicly shared).


In a keystore, each trust chain entry contains the following:

  • A private key protected by a password.
  • A digital certificate in which the public key (corresponding to the private key) is embedded
  • If that certificate is not self-signed, the associated chain of trusted certificate signing authorities to verify trust.

Digital certificate:
 When there is a key pair, it is also necessary to have a digital certificate to verify the identity of the keys. Typically, the public key of a key pair is embedded in this digital certificate, which also contains additional information such as the owner, validity, etc. of the keys. For example, if an external party wants to verify the integrity of data or validate the identity of the signer (by validating the digital signature), it is necessary for them to have this digital certificate.