A keystore works as a repository for security certificates and keys that are stored in a database. A keystore must contain a key pair with a certificate signed by a trusted Certification Authority (CA). A CA is an entity trusted by all parties participating in a secure communication. This entity certifies the trusted party's public keys by signing them. When the CA is a trusted one, all parties trust and accept the public key certificates signed by that particular CA.

Note the following regarding the WSO2 keystore management feature:

  • You cannot import an existing private key to which you already have a certificate
  • You cannot delete the default wso2carbon.jks keystore
  • You must have the same password for both keystore and private key, due to a Tomcat limitation
  • You cannot remove a service before disabling its security

You can add and manage multiple keystores using the management console of WSO2 products, as explained in the steps below:

  1. Log in to the product's management console and select the Keystores submenu under the Configure menu.
  2. The Keystore Management page opens. Click Add New Keystore.
  3. In the page that opens, provide the following information:
    • Keystore File : The file where security certificates are stored in order to sign data to be transmitted.
    • Keystore Password : Must be the same password that is required to access the private key.
    • Provider :
    • Keystore Type : WSO2 supports two types of keystores as follows:
      • JKS (Java Keystore) : You can read and store key entries and certificate entries in this type. Key entries can store only private keys.
      • PKCS12 (Public Key Cryptography Standards) : You can read a keystore in this format and export the information from that keystore, but you cannot modify the keystore. This is used to import the certificates from different browsers into your Java keystore.
    For example,
     
     
  4. Click Next after providing the details.
    On the next page, provide the Private Key Password and click Finish.
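
A pre-upload check for the Keystore File and Keystore Password fields, as an added example that is not part of the original documentation: it verifies the JKS integrity digest against the password and confirms that the file holds a private key entry with a certificate. It assumes a version 2 JKS file and does not decrypt the key, so it cannot confirm the private key password; `inspect_jks`, `has_key_pair` and `sample_jks` are names chosen for this example, and the sample keystore is constructed with placeholder bytes.

```python
import hashlib, hmac, struct

MAGIC, WHITENER = 0xFEEDFEED, b"Mighty Aphrodite"  # JKS magic, digest constant

def jks_digest(password, body):
    # Integrity trailer: SHA-1(UTF-16BE password + constant + keystore body)
    return hashlib.sha1(password.encode("utf-16-be") + WHITENER + body).digest()

def inspect_jks(data, password):
    """Return [(alias, kind, cert_count)]; ValueError on bad header, password or tag."""
    body, trailer = data[:-20], data[-20:]
    if len(body) < 12 or struct.unpack(">II", body[:8]) != (MAGIC, 2):
        raise ValueError("not a version 2 JKS keystore")
    if not hmac.compare_digest(jks_digest(password, body), trailer):
        raise ValueError("wrong keystore password or modified file")
    pos, entries = 12, []
    def read(n):
        nonlocal pos
        pos += n
        return body[pos - n:pos]
    u32 = lambda: struct.unpack(">I", read(4))[0]
    def blob(fmt):  # length-prefixed field: ">H" for strings, ">I" for DER blobs
        return read(struct.unpack(fmt, read(struct.calcsize(fmt)))[0])
    for _ in range(struct.unpack(">I", body[8:12])[0]):
        tag, alias = u32(), blob(">H").decode("utf-8")
        read(8)  # creation timestamp
        if tag not in (1, 2):
            raise ValueError("unknown entry tag %d" % tag)
        certs = 1  # tag 2: trusted certificate entry, exactly one certificate
        if tag == 1:  # private key entry: encrypted key, then certificate chain
            blob(">I")
            certs = u32()
        for _ in range(certs):
            blob(">H")  # certificate type, e.g. "X.509"
            blob(">I")  # encoded certificate
        entries.append((alias, "PrivateKeyEntry" if tag == 1 else "trustedCertEntry", certs))
    return entries

def has_key_pair(entries):  # the page's requirement: a key entry with a certificate
    return any(kind == "PrivateKeyEntry" and n > 0 for _, kind, n in entries)

def sample_jks(password):
    """Constructed sample: one key entry, one CA entry; key/cert bytes are placeholders."""
    s = lambda b: struct.pack(">H", len(b)) + b  # string field
    d = lambda b: struct.pack(">I", len(b)) + b  # DER blob field
    cert = s(b"X.509") + d(b"placeholder-cert")
    body = struct.pack(">IIII", MAGIC, 2, 2, 1) + s(b"server") + bytes(8)
    body += d(b"placeholder-key") + struct.pack(">I", 1) + cert
    body += struct.pack(">I", 2) + s(b"root-ca") + bytes(8) + cert
    return body + jks_digest(password, body)
```

For a real file, pass the bytes read from the keystore in binary mode to `inspect_jks` together with the keystore password.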
