Keystores allow you to manage the keys that are stored in a database. A keystore must contain a key pair with a certificate signed by a Certification Authority (CA), which is trusted by all parties participating in a secure communication. This authority (CA) will certify the trusted party's public keys by signing them.
The main purpose of the WSO2 keystore management UI is to provide a UI and an API to manage keystores. In Carbon servers, these APIs are mainly used for applying Web service security. The UI lets users add keystores that can be used in WS-Security scenarios. When you apply WS-Security to Web services using the management console, you can select a keystore for the encryption and signing processes from these uploaded keystores. The UI also helps you manage certificates within keystores, and you can use it to view the content of the primary keystore of the Carbon server.
Apart from that, all the functions of the keystore management UI are exposed via APIs (including a Web service API). As a result, if you are writing a custom extension to the Carbon servers (such as ESB mediators), you can access these keystores directly using the API. This lets you manage keystores while hiding the underlying complexity. Third-party applications can also use this Web service API to manage their keystores.
WSO2 Carbon keystore management provides the facility to manage multiple keystores. This functionality is bundled with the security management feature:
Name : WSO2 Carbon - Security Management Feature
Identifier : org.wso2.carbon.security.mgt.feature.group
Every Carbon product contains the default keystore named wso2carbon.jks. This can be found in the <PRODUCT_HOME>/repository/resources/security directory of your product pack.
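One way to check a keystore against the requirement above that the key pair's certificate be signed by a CA, as an added example that is not WSO2 code. It parses English-locale `keytool -list -v` output; the function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads English-locale `keytool -list -v` output on stdin and
# prints the alias of every PrivateKeyEntry whose leaf certificate is
# self-signed (Owner equals Issuer), i.e. not yet signed by a CA.
self_signed_key_entries() {
    awk '
        /^Alias name: / { alias = substr($0, 13); type = ""; owner = ""; seen = 0 }
        /^Entry type: / { type = substr($0, 13) }
        /^Owner: /      { if (!seen) owner = substr($0, 8) }
        /^Issuer: /     {
            # Only the first Owner/Issuer pair of an entry is the leaf;
            # later pairs belong to the rest of the chain.
            if (!seen) {
                seen = 1
                if (type == "PrivateKeyEntry" && owner == substr($0, 9)) print alias
            }
        }'
}

# Constructed sample listing (aliases and DNs are made up for illustration).
sample_listing() {
    cat <<'EOF'
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, O=Example
Issuer: CN=localhost, O=Example

Alias name: gateway
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=gw.example.test, O=Example
Issuer: CN=Example Issuing CA, O=Example
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example
Issuer: CN=Example Issuing CA, O=Example

Alias name: exampleroot
Entry type: trustedCertEntry

Owner: CN=Example Root, O=Example
Issuer: CN=Example Root, O=Example
EOF
}

# Against a real keystore (keytool prompts for the keystore password):
#   keytool -list -v -keystore <PRODUCT_HOME>/repository/resources/security/wso2carbon.jks | self_signed_key_entries
sample_listing | self_signed_key_entries
```

Trusted certificate entries are skipped on purpose, because root CA certificates stored for trust are self-signed by design.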
This chapter contains the following information: