This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

XKMS Configuration

An inbuilt XKMS trust web service can be used to simplify key management. If the settings of XKMS are obsolete, you can update them easily.

Follow the instructions below to view and update the XKMS configuration in WSO2 ESB.

1. Sign in. Enter your user name and password to log on to the ESB Management Console.

2. Click the "Configure" button to access the "Configure" menu.

3. From the "Configure" menu, select "XKMS."

4. The "XKMS Configuration" page appears. Here you can see the current XKMS configuration.

  • Server authentication code - Specifies the authentication code used to authenticate client requests.
  • Key store location - Specifies the location of the Java Key store to be used as the key store of XKMS service.
  • Key store password - Specifies the password of the above Key store.
  • Server certificate alias - Specifies the alias of XKMS server certificate. This will be used to sign entire outgoing XKMS messages.
  • Server key password - Specifies the private key password of the service. This will be used to sign entire outgoing XKMS messages.
  • Issuer certificate alias - Specifies the alias of the the Issuer certificate which will be used as issuer certificate when generating certificates for public keys specified in Register requests.
  • Issuer key password - Specifies the password of Issuer private key. This will be used when generating certificates for public keys specified in Register requests.
  • Default expiration interval - Specifies the default validity interval of generated certificates. Client can request to limit the validity period to a value less than the default but can not increase it more than the default period.
  • Default private key password - Specifies the password to be used to store server-generated private keys.
  • Enable persistence - Sets the flag to enable persistence. If set, it will persist the Java Key store when the keys are uploaded.
    • true
    • false

WSO2 Carbon XKMS Configuration

The Default Configuration Values

  • Server authentication code: secret
  • Key store location: keystore.jks
  • Key store password: password
  • Server certificate alias: bob
  • Server key password: password
  • Issuer certificate alias: alice
  • Issuer key password: password
  • Default expiration interval: 365
  • Default private key password: testing
  • Enable persistence: true

5. Update the necessary options and click on the "Update" button.