WSO2 Carbon-based products are shipped with a default keystore named wso2carbon.jks, which is stored in the <PRODUCT_HOME>/repository/resources/security directory. This keystore comes with a private/public key pair that is used for all purposes, e.g., for encrypting sensitive information, for communication over SSL and for encryption/signature purposes in WS-Security. Find out more about how keystores are used in WSO2 products.
However, note that since wso2carbon.jks is available with open source WSO2 products, anyone can have access to the private key of the default keystore. It is therefore recommended to replace this with a keystore that has self-signed or CA-signed certificates when the products are deployed in production environments. You can either use one new keystore for all purposes in your product, or you can create multiple keystores for each purpose. For example, you may use one keystore for encrypting passwords in configuration files, and a separate keystore for all other purposes. Once the new keystores are created as explained below, be sure to update the relevant configuration files.
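A deployment check for the risk described above, as an added example that is not part of the original WSO2 documentation: it reads the certificates of private-key entries from two JKS files (no password is needed, because JKS stores certificates unencrypted) and reports the aliases in a deployed keystore that still carry a certificate from the shipped wso2carbon.jks. The function names are hypothetical, and both inputs are assumed to be the raw bytes of JKS-format files.

```python
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED  # first four bytes of every JKS file

def _utf(buf, pos):
    """Java writeUTF string: 2-byte length, then the bytes."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode("utf-8", "replace"), pos + 2 + n

def _blob(buf, pos):
    """4-byte length followed by that many bytes."""
    (n,) = struct.unpack_from(">I", buf, pos)
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def _cert(buf, pos, version):
    if version == 2:
        _, pos = _utf(buf, pos)  # certificate type string, e.g. "X.509"
    return _blob(buf, pos)

def key_entry_fingerprints(jks_bytes):
    """Map alias -> SHA-256 of the leaf certificate, private-key entries only."""
    magic, version, count = struct.unpack_from(">III", jks_bytes, 0)
    if magic != JKS_MAGIC or version not in (1, 2):
        raise ValueError("not a JKS keystore")
    pos, out = 12, {}
    for _ in range(count):
        (tag,) = struct.unpack_from(">I", jks_bytes, pos)
        alias, pos = _utf(jks_bytes, pos + 4)
        pos += 8  # skip creation timestamp
        if tag == 1:  # private-key entry
            _, pos = _blob(jks_bytes, pos)  # password-protected key, not needed
            (chain_len,) = struct.unpack_from(">I", jks_bytes, pos)
            pos += 4
            for i in range(chain_len):
                der, pos = _cert(jks_bytes, pos, version)
                if i == 0:
                    out[alias] = hashlib.sha256(der).hexdigest()
        elif tag == 2:  # trusted-certificate entry
            _, pos = _cert(jks_bytes, pos, version)
        else:
            raise ValueError("unknown entry tag %d" % tag)
    return out

def shared_default_keys(deployed, shipped):
    """Aliases in `deployed` whose certificate is also in `shipped`."""
    known = set(key_entry_fingerprints(shipped).values())
    mine = key_entry_fingerprints(deployed)
    return sorted(a for a, fp in mine.items() if fp in known)
```

Comparing certificates rather than file hashes also catches a default keystore that was only re-saved under a new password or alias. A file that is not in JKS format (for example PKCS12) is rejected with ValueError.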
...
What's next?
Once you have created a new keystore in your product as explained above, update the relevant configuration files as explained in Configuring Keystores in WSO2 Products.