A keystore works as a repository for security certificates and keys that are stored in a database. A keystore must contain a key pair with a certificate signed by a trusted Certification Authority (CA). A CA is an entity trusted by all parties participating in a secure communication. This entity certifies the trusted party's public keys by signing them. When the CA is a trusted one, all parties trust and accept the public key certificates signed by that particular CA.
WSO2 products provide facility to add keystores using add keystores using the management console or using an XML configuration, and import certificates to the keystore using keystore using the management console. WSO2 WSO2 keystore management feature provides a UI and an API to add and manage keystores used for WS-Security scenarios. When you apply WS-Security to Web services using the management console, you can select a keystore from uploaded keystores for encryption/signing processes. The management console also allows you to viewto view/delete keystoreskeystores.
All the functions of keystore management are exposed via APIs. As a result, if you are writing a custom extension to a WSO2 product (e.g., for WSO2 ESB mediators), you can directly access configured keystores using the API. The API hides the underlying complexity, allowing you to easily use it in third-party applications to manage their keystores as well.
...