Configuring Keystores in WSO2 IoT Server

 If you changed the keystore from the default WSO2 keystore, you need to configure the following files:

1. Change the wso2carbon keystore alias to the new keystore alias in the following files.

   designer.json	Configure the identityalias in the <IOTS_HOME>/repository/deployment/server/jaggeryapps/portal/configs/designer.json file. "identityAlias": "<NEW_KEYSTORE_ALIAS>"
   app-conf.json	Configure the identityAlias in the <IOTS_HOME>/repository/deployment/server/jaggeryapps/devicemgt/app/conf/app-conf.json file. "identityAlias": "<NEW_KEYSTORE_ALIAS>",
   webapp-authenticator-config.xml	Configure the <IOTS_HOME>/conf/etc/webapp-authenticator-config.xml file by replacing wso2carbon with the new key store alias. You will come across 3 references as shown below. <Parameters> <!--Issuers list and corresponding cert alias--> <Parameter Name="wso2.org/products/am">{NEW_KEYSTORE_ALIAS}</Parameter> <Parameter Name="wso2.org/products/iot">{NEW_KEYSTORE_ALIAS}</Parameter> <Parameter Name="wso2.org/products/analytics">{NEW_KEYSTORE_ALIAS}</Parameter> </Parameters>

2. If you added a public certificate, update the Identity Provider (IDP) with the new certificate. This is needed as WSO2 IoT Server uses the JWT token for the servers to communicate with each other.
   Follow the steps given below to update the IDP.

   1.  If your public certificate is not in the .pem format, export it to the .pem format using the command given below:

      openssl x509 -inform DER -outform PEM -in {YOUR_CERTIFICATE_NAME} -out server.crt.pem

   2. Open the server.crt.pem  you just generated and copy the content between BEGIN CERTIFICATE and END CERTIFICATE.

   3. Open the <IOTS_HOME>/conf/identity/identity-providers/iot_default.xml file and replace the content that is under the <Certificate> property with the content you just copied.