Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

A built-in XKMS trust  trust web service can be used to simplify key management. If XKMS settings are obsolete, you can update them easily.

Follow the instructions below to view and update XKMS configuration in WSO2 Identity Server.1.

  1. Sign in. Enter your

...

  1. username and password to log on to the Management Console.

...

  1. Click Configure to access the Configure menu.
    Image Modified

...

  1. From

...

  1. the Configure

...

  1.  menu,

...

  1. select XKMS.

...

Image Removed

...

  1. The XKMS Configuration

...

  1.  page appears. Here you can see the current XKMS configuration.
    • Server authentication code - Specifies the authentication code used to authenticate client requests.
    • Key store location - Specifies the location of the Java key store to be used as the key store of the XKMS service.
    • Key store password - Specifies the password of the above key store.
    • Server certificate alias - Specifies the alias of the XKMS server certificate used to sign all outgoing XKMS messages.
    • Server key password - Specifies the private key password of the service used to sign all outgoing XKMS messages.
    • Issuer certificate alias - Specifies the alias of the issuer's certificate which will be used as the issuer certificate when generating certificates for public keys specified in Register requests.
    • Issuer key password - Specifies the password for the issuer's private key. This will be used when generating certificates for public keys specified in Register requests.
    • Default expiration interval - Specifies the default validity interval of generated certificates. The client can request to limit the validity period to an interval that is shorter than the default period, but cannot increase it to an interval longer than the default period.
    • Default private key password - Specifies the password to be used to store server-generated private keys.
    • Enable

...

    • persistence - Sets the flag to enable persistence. If set, it will persist the Java key store when the keys are uploaded.
      • true
      • false

    Image Modified

    The Default Configuration Values


    • Server authentication code: secret
    • Key store location: keystore.jks
    • Key store password: password
    • Server certificate alias: bob
    • Server key password: password
    • Issuer certificate alias: alice
    • Issuer key password: password
    • Default expiration interval: 365
    • Default private key password: testing
    • Enable persistence: true

...

  1.  
  2. Update the necessary options and click on

...

  1. the Update

...

  1.  button.
    Image Modified
Excerpt
hiddentrue

Instructions on how to update XKMS in WSO2 Identity Server.