Comment: Migrated to Confluence 5.3

Key stores allow you to manage the keys that are stored in a database. A key store must contain a key pair with a certificate signed by a trusted Certification Authority (CA). A CA is an entity trusted by all parties participating in a secure communication. It certifies a party's public keys by signing them. Because the CA is trusted, the participating parties accept public key certificates signed by that CA as trusted.

WSO2 products come with a default key store named wso2carbon.jks, which resides in the <PRODUCT_HOME>/repository/resources/security directory. This key store holds the private/public key pair that is used for encrypting sensitive information, for encryption and signing in WS-Security, and for communication over SSL.

Since wso2carbon.jks is built into open source WSO2 products, anyone can access the private keys of the default keystore. Therefore, it is recommended to replace it with a keystore with self-signed or CA-signed certificates when deploying in production.
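One way to check a deployment for this condition, as an added example (not WSO2 code): it reads the unencrypted certificate entries of two keystores and reports which private-key aliases in the deployed file still carry a certificate from the shipped default. It assumes both files use the version 2 JKS format and that you hold a pristine copy of wso2carbon.jks from the distribution archive; the function names are hypothetical.

```python
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED  # first four bytes of a Java KeyStore (JKS) file


def _utf(buf, pos):
    """Read a Java UTF string: 2-byte big-endian length, then the bytes."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode("utf-8"), pos + 2 + n


def _blob(buf, pos):
    """Read a 4-byte big-endian length followed by that many bytes."""
    (n,) = struct.unpack_from(">I", buf, pos)
    return buf[pos + 4:pos + 4 + n], pos + 4 + n


def key_entry_fingerprints(jks):
    """SHA-256 of each private-key entry's leaf certificate, keyed by alias."""
    # Certificates in a JKS file are stored unencrypted: no password needed.
    magic, version, count = struct.unpack_from(">III", jks, 0)
    if magic != JKS_MAGIC or version != 2:
        raise ValueError("not a version 2 JKS keystore")
    pos, found = 12, {}
    for _ in range(count):
        (tag,) = struct.unpack_from(">I", jks, pos)
        alias, pos = _utf(jks, pos + 4)
        pos += 8  # skip the creation timestamp
        chain_len = 1  # tag 2: a single trusted certificate
        if tag == 1:  # private-key entry: encrypted key, then its chain
            _, pos = _blob(jks, pos)
            (chain_len,) = struct.unpack_from(">I", jks, pos)
            pos += 4
        for i in range(chain_len):
            _, pos = _utf(jks, pos)  # certificate type, e.g. "X.509"
            cert, pos = _blob(jks, pos)
            if tag == 1 and i == 0:
                found[alias] = hashlib.sha256(cert).hexdigest()
    return found


def shared_with_default(deployed, shipped):
    """Aliases in `deployed` whose key certificate also appears in `shipped`."""
    default = set(key_entry_fingerprints(shipped).values())
    mine = key_entry_fingerprints(deployed)
    return sorted(alias for alias, fp in mine.items() if fp in default)
```

Pass both files as bytes. Because the comparison is on certificates rather than on the file hash, a default keystore that was only given a new password or extra trusted certificates is still reported.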

The WSO2 Identity Server allows you to add a Key store, view a Key store, and import a certificate for a Key store.

General information about Key stores in WSO2 Identity Server.