WSO2 products use asymmetric encryption by default for the purposes of authentication and data encryption. In asymmetric encryption, keystores (with key pairs and certificates) are created and stored for the product. It is possible to have multiple keystores so that the keys used for different use cases are kept unique. For more information about creating and configuring keystores, see Using Asymmetric Encryption.
...
Open the <API-M_HOME>/repository/conf/identity/identity.xml file and update the values for Location and Password under the KeyStore section. The default configurations are shown below.
```xml
<EntitlementSettings>
    <ThirftBasedEntitlementConfig>
        <EnableThriftService>false</EnableThriftService>
        <ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
        <ClientTimeout>10000</ClientTimeout>
        <KeyStore>
            <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
            <Password>wso2carbon</Password>
        </KeyStore>
        <ThriftHostName>${carbon.host}</ThriftHostName>
    </ThirftBasedEntitlementConfig>
</EntitlementSettings>
```
...
Open the <API-M_HOME>/repository/conf/identity/EndpointConfig.properties file and update client.keyStore and client.trustStore with the location of the keystore and truststore respectively. The default configurations are shown below.
```properties
tenantListEnabled=false
hostname.verification.enabled=true
mutual.ssl.username=admin
client.keyStore=./repository/resources/security/wso2carbon.jks
Carbon.Security.KeyStore.Password=wso2carbon
client.trustStore=./repository/resources/security/client-truststore.jks
Carbon.Security.TrustStore.Password=wso2carbon
#identity.server.serviceURL=https://localhost:9443/services/
username.header=UserName
key.manager.type=SunX509
trust.manager.type=SunX509
tls.protocol=TLSv1.2
```
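A post-change check for the two files above, as an added example that is not part of the original WSO2 documentation: it flags keystore locations and passwords that still match the defaults shown on this page. The function names and sample inputs are constructed for illustration, and the hostname-verification check is an added assumption about what a reviewer would also want flagged.

```python
import xml.etree.ElementTree as ET

# Defaults shown on this page; a value still matching them has not been changed.
DEFAULT_PASSWORD = "wso2carbon"
DEFAULT_KEYSTORE = "wso2carbon.jks"

def local(tag):
    """Strip an XML namespace prefix such as '{uri}KeyStore'."""
    return tag.rsplit("}", 1)[-1]

def audit_identity_xml(xml_text):
    """Return findings for every <KeyStore> element in identity.xml content."""
    findings = []
    for ks in (e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "KeyStore"):
        vals = {local(c.tag): (c.text or "").strip() for c in ks}
        if vals.get("Location", "").endswith("/" + DEFAULT_KEYSTORE):
            findings.append("identity.xml: KeyStore Location is the default keystore")
        if vals.get("Password") == DEFAULT_PASSWORD:
            findings.append("identity.xml: KeyStore Password is the default")
    return findings

def audit_endpoint_config(text):
    """Return findings for EndpointConfig.properties content."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    findings = []
    if props.get("client.keyStore", "").endswith("/" + DEFAULT_KEYSTORE):
        findings.append("EndpointConfig.properties: client.keyStore is the default keystore")
    for key in ("Carbon.Security.KeyStore.Password", "Carbon.Security.TrustStore.Password"):
        if props.get(key) == DEFAULT_PASSWORD:
            findings.append(f"EndpointConfig.properties: {key} is the default")
    # Only an explicit non-true value is flagged; a missing key is not judged here.
    if props.get("hostname.verification.enabled", "true").lower() != "true":
        findings.append("EndpointConfig.properties: hostname verification is disabled")
    return findings

# Constructed samples: the page's defaults, trimmed to the relevant keys.
SAMPLE_XML = """<EntitlementSettings><ThirftBasedEntitlementConfig><KeyStore>
<Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
<Password>wso2carbon</Password>
</KeyStore></ThirftBasedEntitlementConfig></EntitlementSettings>"""
SAMPLE_PROPS = """hostname.verification.enabled=true
client.keyStore=./repository/resources/security/wso2carbon.jks
Carbon.Security.KeyStore.Password=wso2carbon"""

if __name__ == "__main__":
    for finding in audit_identity_xml(SAMPLE_XML) + audit_endpoint_config(SAMPLE_PROPS):
        print("FINDING:", finding)
```

To audit a real installation, pass the text of each file read from <API-M_HOME>/repository/conf/identity/ to the matching function.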
...