Follow the guidelines below to deploy Identity Server in production. In addition to this, see Production Deployment Guidelines.
The following changes should be applied on a fresh Identity Server instance. Do not start the Identity Server until the configurations are finalized.
Changing the default keystore
- The private key is used for the HTTPS channel and for the token issuer to sign the issued tokens.
The following section of the carbon.xml file should be updated to match your private key information.
The private key must be available in a keystore of the "JKS" or "PKCS12" type. More information on key stores can be found here. See Setting up Keystores for more details on changing the default keystore.
<!--
    KeyStore which will be used for encrypting/decrypting passwords
    and other sensitive information.
-->
<!-- Keystore file location-->
<!-- Keystore type (JKS/PKCS12 etc.)-->
<!-- Keystore password-->
<!-- Private Key alias-->
<!-- Private Key password-->
<!-- The directory under which all other KeyStore files will be stored -->
Changing the host name
Change the host names of the Identity Provider to match the "Common Name" of the certificate of the private key.
<!--
    Host name or IP address of the machine hosting this server
    e.g. www.wso2.org, 192.168.1.10
    This will become part of the End Point Reference of the
    services deployed on this server instance.
-->
<!-- Host name to be used for the Carbon management console -->
<!--
    The URL of the back end server. This is where the admin services are hosted and
    will be used by the clients in the front end server.
    This is required only for the Front-end server. This is used when separating BE server from FE server
-->
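A pre-start check for the keystore and host name settings above, as an added example that is not part of the original guide or of the product's own tooling. It assumes the carbon.xml namespace and element names (`HostName`, `MgtHostName`, `Security/KeyStore/Location`, `Type`, `Password`, `KeyPassword`) and the `wso2carbon` defaults; the sample file is constructed, and the function name `audit_carbon_xml` and the host `is.example.com` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Assumption: carbon.xml namespace and element names as shipped with the product.
NS = {"c": "http://wso2.org/projects/carbon/carbon.xml"}
DEFAULT_SECRET = "wso2carbon"  # assumed stock keystore/key password

# Constructed sample: a carbon.xml fragment still carrying the shipped defaults.
SAMPLE_DEFAULT = """<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
  <HostName>localhost</HostName>
  <MgtHostName>localhost</MgtHostName>
  <Security>
    <KeyStore>
      <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
      <Type>JKS</Type>
      <Password>wso2carbon</Password>
      <KeyAlias>wso2carbon</KeyAlias>
      <KeyPassword>wso2carbon</KeyPassword>
    </KeyStore>
  </Security>
</Server>"""


def audit_carbon_xml(xml_text, cert_cn):
    """Return findings for keystore and host name settings; [] means clean."""
    root = ET.fromstring(xml_text)

    def text(path):
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else ""

    findings = []
    ks = "c:Security/c:KeyStore/c:"
    if text(ks + "Location").endswith("/wso2carbon.jks"):
        findings.append("KeyStore Location still points at the default keystore")
    for field in ("Password", "KeyPassword"):
        if text(ks + field) == DEFAULT_SECRET:
            findings.append(f"KeyStore {field} is still the default value")
    if text(ks + "Type") not in ("JKS", "PKCS12"):
        findings.append("KeyStore Type is not JKS or PKCS12")
    # Host names must equal the Common Name of the private key's certificate.
    for field in ("HostName", "MgtHostName"):
        if text("c:" + field).lower() != cert_cn.lower():
            findings.append(f"{field} does not match certificate CN {cert_cn}")
    return findings


if __name__ == "__main__":
    for finding in audit_carbon_xml(SAMPLE_DEFAULT, "is.example.com"):
        print("FINDING:", finding)
```

Pass the Common Name read from the certificate in your own keystore as `cert_cn`, and run the check before the first server start.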
Changing the HTTP/HTTPS ports