All WSO2 products are by default shipped with a keystore file and truststore file (stored in the
wso2carbon.jks: This is the default keystore, which contains the server’s private key and the self-signed public key certificate. It is used by default in your Carbon server for all of the purposes explained above.
.jks: This is the default truststore, which contains the trusted certificates of the keystore used in SSL communication. It also contains many of the reputed root CAs that customers can use.
It is recommended to replace this default keystore with a new keystore that has self-signed or CA-signed certificates when the products are deployed in production environments. This is because wso2carbon.jks is distributed with the open source WSO2 products, which means anyone can obtain the private key of the default keystore.
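
One way to audit a deployment for the risk described above, as an added example (not WSO2's own tooling): the shell function below flags any `.jks` file that is byte-identical to the `wso2carbon.jks` shipped in the public distribution, even if it has been renamed. It assumes you have the shipped file from an unmodified product download; the function name and the paths passed to it are hypothetical.

```shell
#!/bin/sh
# Added example: detect deployments still using the publicly shipped keystore.
# Assumptions: $1 is wso2carbon.jks from an unmodified product download,
#              $2 is the deployed product directory to audit.
# Limitation: a keystore that was re-saved (for example with a new password)
# but still holds the shipped key pair is not byte-identical and is not caught.

find_default_keystores() {
    reference=$1
    search_root=$2
    if [ ! -f "$reference" ] || [ ! -d "$search_root" ]; then
        echo "usage: find_default_keystores <shipped-jks> <deployment-dir>" >&2
        return 2
    fi

    found=0
    # Collect candidates in a temp file so the loop runs in the current
    # shell and can update $found (a pipeline would run it in a subshell).
    list=$(mktemp) || return 2
    find "$search_root" -type f -name '*.jks' > "$list"

    while IFS= read -r candidate; do
        # Compare content, not file names: a renamed copy is still the
        # keystore whose private key anyone can download.
        if cmp -s "$reference" "$candidate"; then
            echo "DEFAULT KEYSTORE IN USE: $candidate"
            found=1
        fi
    done < "$list"
    rm -f "$list"

    # 0 = no shipped keystore found, 1 = at least one found, 2 = bad input
    return "$found"
}

# Stand-alone use: ./audit.sh <shipped-jks> <deployment-dir>
if [ "$#" -eq 2 ]; then
    find_default_keystores "$1" "$2"
fi
```

A non-zero exit status makes the function usable as a gate in a deployment pipeline or a periodic configuration audit.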