If the directory/file paths specified in this guide do not exist in your WSO2 product, see Directory Structure of WSO2 Products to locate the paths applicable to your product.

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Authenticating the communication over Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocols.
  • Encrypting sensitive data such as plain-text passwords found in both product-level and product feature-level configurations/configuration files using secure vault.

  • Encrypting and signing SOAP messages using WS-Security.
Note

The default keystore that is shipped with a WSO2 product (wso2carbon.jks) is by default configured for all of the above purposes. However, in a production environment, it is required and advised to set up several different keystores with separate trust chains for the above use cases.

You can set up several keystores with separate key pairs and certificates for the above use cases in your system. It is recommended to maintain the following keystores: 

...

  • wso2carbon.jks: This is the default keystore, which contains the server’s private key and the self-signed public key certificate.
  • client-truststore.jks: This is the default trust store, which contains the trusted certificates of the keystore used in SSL communication. This is the default truststore, which contains many of the reputed root CAs that customers can use.

...

  • .

...

Managing keystores 

...