...
Now you have a Java keystore including a CA-signed certificate that can be used in a production environment. Next, you must add its public key to the client-truststore.jks
file to enable backend communication and inter-system communication via SSL.
Adding the public key to client-truststore.jks
Anchor | ||||
---|---|---|---|---|
|
In SSL handshake, the client needs to verify the certificate presented by the server. For this purpose, the client usually stores the certificates it trusts, in a trust store. All WSO2 products are shipped with the trust store named client-truststore.jks, which resides in the same directory as the keystore (
<PRODUCT_HOME>/repository/resources/security/
). Therefore, we need to import the new public certificate into this trust store for frontend and backend communication of WSO2 products to happen properly over SSL.Note |
---|
Note that we are using the default client-truststore.jks file in your WSO2 product as the trust store in this example. |
To add the public key of the signed certificate to the client trust store:
...