A keystore is a password-protected repository that holds the private keys and certificates that form one or more trust chains of digital certificates. You use these artifacts for security purposes such as protecting sensitive information and establishing trust between your server and the outside parties that connect to it. The usage of the keys and certificates contained in a keystore is explained below.
In a keystore, each trust chain entry contains the following:
Key pairs: In public-key cryptography, a key pair (a public key and the corresponding private key) is used for protecting sensitive information and for authenticating the identity of the external parties that communicate with your server. For example, information encrypted with the public key can only be decrypted with the corresponding private key. Therefore, any party that wants to decrypt such data must hold the private key, which is kept secret and never shared. Conversely, a signature produced with the private key can be verified by anyone holding the public key, which is how the owner of the key pair proves its identity.
Trusted certificates and certificate signing authorities: To establish trust, the digital certificate containing the public key should be signed by a trusted certificate authority (CA). You can generate a self-signed certificate for the public key (thereby acting as your own certificate authority), or you can get the certificate signed by an external CA. Either type of certificate can be used, depending on how sensitive the information protected by the keys is: a self-signed certificate has to be explicitly trusted by every party that connects to you, whereas when the certificate is signed by a reputable CA, all parties that trust this CA will also trust the certificates signed by it.
The usage of a truststore in WSO2 products aligns with this concept of trust. A truststore is just another password-protected repository (similar to a keystore) that stores digital certificates. These certificates can be either of the following:
By default, every WSO2 product is shipped with a truststore that it uses to validate the identity of the third-party systems it contacts.
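The relationships described above (a key pair behind a certificate, a CA that signs that certificate, and a truststore that holds only the CA certificate) can be exercised end to end in a short program. The following Go program is an added example for this page, not code from WSO2: it builds the same artifacts in memory rather than in the keystore and truststore files WSO2 ships, under the assumed names "Example Root CA" and "wso2.example.local", and then plays the connecting party. It checks a CA-signed server certificate against a truststore holding the CA, the same certificate presented for the wrong host name, a self-signed server certificate against that CA-only truststore, and the self-signed certificate again once it has been placed directly into a truststore.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Hypothetical names; they are not taken from the WSO2 documentation.
const caName, serverHost = "Example Root CA", "wso2.example.local"

// KeyAndCert generates an RSA key pair (the keystore's private key) and a
// certificate carrying its public key. With parent == nil the certificate is
// self-signed (a root CA, or a server acting as its own CA); otherwise signerKey,
// the private key behind parent, signs it and parent becomes its issuer.
func KeyAndCert(serial int64, cn string, isCA bool, parent *x509.Certificate, signerKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{cn} // the name a connecting client matches the host against
		tmpl.KeyUsage |= x509.KeyUsageKeyEncipherment
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if parent == nil { // self-signed: the template is its own issuer
		parent, signerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// BuildChain creates a root CA and a server certificate signed by it. The CA
// certificate is what goes into a truststore; the server key and its
// certificate are what a keystore holds.
func BuildChain() (caCert, serverCert *x509.Certificate, serverKey *rsa.PrivateKey, err error) {
	caCert, caKey, err := KeyAndCert(1, caName, true, nil, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	serverCert, serverKey, err = KeyAndCert(2, serverHost, false, caCert, caKey)
	return caCert, serverCert, serverKey, err
}

// PoolOf builds a truststore holding exactly the given certificates.
func PoolOf(certs ...*x509.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, c := range certs {
		pool.AddCert(c)
	}
	return pool
}

// VerifyAgainstTruststore is the connecting party's check: leaf is accepted only
// if it chains to a certificate in truststore and was issued for host.
func VerifyAgainstTruststore(leaf *x509.Certificate, truststore *x509.CertPool, host string) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: truststore, DNSName: host})
	return err
}

func main() {
	caCert, serverCert, _, err := BuildChain()
	if err != nil {
		panic(err)
	}
	self, _, err := KeyAndCert(3, serverHost, false, nil, nil) // server acting as its own CA
	if err != nil {
		panic(err)
	}
	truststore := PoolOf(caCert) // what a client that trusts only the CA holds
	fmt.Println("CA-signed cert, CA in truststore: ", VerifyAgainstTruststore(serverCert, truststore, serverHost))
	fmt.Println("CA-signed cert, wrong host name:  ", VerifyAgainstTruststore(serverCert, truststore, "other.example.local"))
	fmt.Println("self-signed cert, CA truststore:  ", VerifyAgainstTruststore(self, truststore, serverHost))
	fmt.Println("self-signed cert, pinned directly:", VerifyAgainstTruststore(self, PoolOf(self), serverHost))
}
```

The first and last checks succeed and print nil; the middle two fail, because the truststore has nothing that vouches for the presented certificate or because the certificate was not issued for the requested host. That is the same failure a WSO2 product reports when the certificate of a third-party system it contacts, or the CA that issued it, is absent from its truststore, and it is why a self-signed certificate has to be imported into the truststore of every party that should accept it.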
Default keystore and truststore in WSO2 products
All WSO2 products are by default shipped with a keystore file and truststore file (stored in the