Working with Security

WSO2 products support a variety of transports that make them capable of receiving and sending messages over a multitude of transport and application-level protocols. By default, all WSO2 products come with the HTTP transport. The transport receiver implementation of the HTTP transport is available in Carbon. The transport sender implementation comes from the Tomcat HTTP connector, which is configured in the <APIM_HOME>/repository/conf/tomcat/catalina-server.xml file.

For more information on securing the HTTP transport, see Configuring transport level security in the WSO2 Carbon documentation.

A keystore is a repository that stores artifacts such as cryptographic keys and certificates. These artifacts are used for encrypting sensitive information and establishing trust between your server and outside parties that connect to your server.

All WSO2 products come with a default keystore (wso2carbon.jks). In a production environment, it is recommended to replace it with one or more keystores.

See the following in the WSO2 Carbon documentation:

• How public key encryption and keystores are used.
• How to create new keystores and replace the default one.
• How configuration files should be updated to use the relevant keystore for different purposes.

As a secure vault implementation is available in all WSO2 products, you can encrypt the sensitive data such as passwords in configuration files using the Cipher tool.

See the following in the WSO2 Carbon documentation:

• How the secure vault is implemented in WSO2 products.
• How to encrypt passwords using the Cipher tool.
• How to resolve encrypted passwords.

Also see how to encrypt secure endpoint passwords.