A keystore is a repository for security certificates and keys that are stored in a database. A keystore must contain a key pair with a certificate signed by a trusted Certification Authority (CA). A CA is an entity trusted by all parties participating in a secure communication. It certifies the trusted party's public keys by signing them. When a CA is trusted, all parties trust and accept the public key certificates signed by that CA.

All the functions of keystore management are exposed via APIs. As a result, if you are writing a custom extension to a WSO2 product (e.g., for WSO2 ESB mediators), you can directly access configured keystores using the API. The API hides the underlying complexity, allowing you to easily use it in third-party applications to manage their keystores as well.

Note the following regarding WSO2 keystore management:

  • You cannot import an existing private key to which you already have a certificate.
  • You cannot delete the default wso2carbon.jks keystore.
  • You must have the same password for both the keystore and the private key, due to a Tomcat limitation.
  • You cannot remove a service before disabling its security.
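The two keystore requirements above (a key pair whose certificate is CA-signed, and a private key password identical to the keystore password) can be checked before a keystore is configured. The following is an added example, not WSO2 code and not the keystore management API mentioned on this page; it uses only the standard `java.security.KeyStore` API, and the class name `KeystoreCheck` is hypothetical.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class). Usage: java KeystoreCheck <keystore.jks>
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java KeystoreCheck <keystore.jks> (run from a terminal)");
            System.exit(2);
        }
        // Prompt instead of taking the password as an argument, so it does not
        // end up in shell history or the process list.
        char[] storePass = console.readPassword("Keystore password: ");

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // throws IOException if the store password is wrong
        }

        boolean foundKeyPair = false;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entry: no private key attached
            }
            foundKeyPair = true;
            try {
                // Recover the private key using the *keystore* password.
                ks.getKey(alias, storePass);
                System.out.println(alias + ": key password matches keystore password");
            } catch (UnrecoverableKeyException e) {
                System.out.println(alias + ": key password DIFFERS from keystore password");
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain != null && chain.length > 0 && chain[0] instanceof X509Certificate) {
                X509Certificate leaf = (X509Certificate) chain[0];
                // Subject equal to issuer means the certificate was not issued by a separate CA.
                boolean selfIssued =
                    leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal());
                System.out.println(alias + ": issuer=" + leaf.getIssuerX500Principal().getName()
                    + (selfIssued ? " (self-issued, not CA-signed)" : ""));
            }
        }
        if (!foundKeyPair) {
            System.out.println("no private key entry found");
        }
    }
}
```

The issuer check only compares subject and issuer names; confirming that the issuing CA is one your deployment actually trusts still requires validating the chain against your trust store.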

...