The transport level security protocol of the Tomcat server is configured in the
WSO2 servers use asymmetric encryption by default for the purposes of authentication and data encryption. In asymmetric encryption, keystores (with key pairs and certificates) are created and stored for the product. It is possible to have multiple keystores so that the keys used for different use cases are kept unique. The following topics explain more details on keystores.
|You also have the option of switching to symmetric encryption for the EI profile. Using symmetric encryption means that a single key will be shared for encryption and decryption of information.|
|The Java Security Manager is used to define various security policies that prevent untrusted code from manipulating your system. Enabling the Java Security Manager for WSO2 products activates the Java permissions that are in the |
All WSO2 servers contain some configuration files with sensitive information such as passwords. Let's take a look at how such plain text passwords in configuration files can be secured using the Secure Vault implementation that is built into each server.
The following topics will be covered under this section:
When you use the ESB profile of WSO2 EI, it is also possible to encrypt passwords and other sensitive information in synapse configurations. See Working with Passwords in the Integration Profile for instructions.
|Hostname verification is enabled in WSO2 servers by default, which means that when a hostname is being accessed by a particular client, it will be verified against the hostname specified in the product's SSL certificate.|
|Securing Carbon Applications|
All profiles of WSO2 EI consists of various Carbon applications such as the management console. You can apply various security configurations to these applications as follows:
You can create multiple tenants in your EI profile so that you can maintain tenant isolation in a single server/cluster. For information on configuring multiple tenants for the profile, see Working with Multiple Tenants in the WSO2 Administration Guide.
For information on updating WSO2 EI with the latest available patches (issued by WSO2) using the WSO2 Update Manager (WUM), see Updating WSO2 Products Getting Started with WUM in the WSO2 Administration Guide.