...
- Creating a keystore using an existing certificate
- Creating a keystore using a new certificate
- Adding the public key to client-truststore.jks
- Updating configurations in WSO2 products
Creating a keystore using an existing certificate
...
Now you have a Java keystore including a CA-signed certificate that can be used in a production environment. Next, you must add its public key to the client-truststore.jks file to enable backend communication and inter-system communication via SSL.
| Anchor | ||||
|---|---|---|---|---|
|
In SSL handshake, the client needs to verify the certificate presented by the server. For this purpose, the client usually stores the certificates it trusts, in a trust store. All WSO2 products are shipped with the trust store named client-truststore.jks, which resides in the same directory as the keystore (
<PRODUCT_HOME>/repository/resources/security/). Therefore, we need to import the new public certificate into this trust store for frontend and backend communication of WSO2 products to happen properly over SSL.| Note |
|---|
Note that we are using the default client-truststore.jks file in your WSO2 product as the trust store in this example. |
To add the public key of the signed certificate to the client trust store:
...