This documentation is for WSO2 Carbon 4.2.0. View documentation for the latest release.
Configuring Primary/Registry Keystores - Carbon 4.2.0 - WSO2 Documentation
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 58 Next »

WSO2 Carbon uses several keystores to power the servlet transport and to encrypt other confidential information such as administrator passwords. The carbon.xml file in the <PRODUCT_HOME>/repository/conf directory of your product contains the configurations for the primary keystore and the registry keystore.

Note that when keystores are configured, two keystore passwords are specified in the carbon.xml file:

  • The <Password> element indicates the password of the keystore file.
  • The <KeyPassword> element points to the password required to access the private key.

Primary Keystore

The primary keystore mainly stores the keys certifying SSL connections to Carbon servers and the keys for encrypting administrator passwords as well as other confidential information. The Keystore element in the carbon.xml file is used to configure the primary keystore as given below. Note that in this example, the default keystore in your product pack (wso2carbon.jks) is used as the primary keystore.


Registry Keystore

RegistryKeyStore is a separate keystore element configurable in the carbon.xml file. This configuration applies for the keystore which stores the keys that certify encrypting/decrypting meta data to the registry. Therefore, using the registry keystore in addition to the primary keystore in the carbon.xml file allows you to maintain a separate keystore for the purpose of encrypting/decrypting meta data to the registry.

To configure the registry keystore

  1. Copy the following <RegistryKeystore> element to the carbon.xml file under the <Security> element.

                <!-- Keystore file location-->
                <!-- Keystore type (JKS/PKCS12 etc.)-->
                <!-- Keystore password-->
                <!-- Private Key alias-->
                <!-- Private Key password-->
  2. In the above example, we are referring to the default keystore in the product pack (wso2carbon.jks) as the registry keystore.  You can change these values so that the configuration corresponds to the actual registry keystore in your system.


  • No labels