WSO2 AS uses several keystores to power the HTTPS transport and to encrypt other confidential information such as administrator passwords. The keystores used to encrypt administrator passwords and other confidential information in Carbon is configured in the <PRODUCT_HOME>/repository/conf/carbon.xml
file (under the <security
> element). Two keystore elements in the carbon.xml
file can be used to configure the keystore: Primary keystore (Keystore
) and Registry Keystore (RegistryKeystore
).
Info |
---|
The default keystore named |
Table of Contents | ||||
---|---|---|---|---|
|
Primary Keystore
The KeyStore
element configured in the carbon.xml
file can be considered as the default Carbon keystore element. This is used for the primary keystore, which mainly stores the keys certifying SSL connections to Carbon servers, and for encrypting administrator passwords as well as other confidential information. The keystore configuration in the carbon.xml
file is as given below. Note that in this example, we are using the default key store in the product pack (wso2carbon.jks).
Code Block |
---|
<KeyStore>
<Location>${carbon.home}/resources/security/wso2carbon.jks</Location>
<Type>JKS</Type>
<Password>wso2carbon</Password>
<KeyAlias>wso2carbon</KeyAlias>
<KeyPassword>wso2carbon</KeyPassword>
</KeyStore> |
Registry Keystore
RegistryKeyStore
is a separate keystore element configurable in the carbon.xml
file. Using this RegistryKeystore
element in addition to the Keystore
element in the carbon.xml
file allows you to maintain a separate keystore with a different certification for the purpose of encrypting/decrypting meta data to the registry. The registry keystore configuration in the carbon.xml
file is as given below. Note that in this example, we are using the default key store in the product pack (wso2carbon.jks).
Code Block |
---|
<RegistryKeyStore> <!-- Keystore file location--> <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location> <!-- Keystore type (JKS/PKCS12 etc.)--> <Type>JKS</Type> <!-- Keystore password--> <Password>wso2carbon</Password> <!-- Private Key alias--> <KeyAlias>wso2carbon</KeyAlias> <!-- Private Key password--> <KeyPassword>wso2carbon</KeyPassword> </RegistryKeyStore> |
Keystore of the HTTPS transport
The keystore of the HTTPS transport is configured in the the axis2.xml
file file under the HTTPS transport receiver and HTTPS transport sender configurations.
...
The default keystore named wso2carbon.jks
, can can be found in the the <PRODUCT_HOMEHOME>/repository/resources/security
directory directory. To change the keystores used by the HTTPS transport, update the HTTPS transport receiver and sender configurations by specifying the paths to keystores files and other attributes of the files such as the keystores passwords.
Info |
---|
Under the < |
The <Password
> element should indicate the password of the keystore file.
The <KeyPassword
> element should point to the password required to access the private key.
The keystores used to encrypt administrator passwords and other confidential information in Carbon is configured in the PRODUCT_HOME/repository/conf/carbon.xml
file. This keystore configuration can be found under the <security
> element of the carbon.xml
file.
...
.
...