Keystores

Key stores allow you to manage the keys that are stored in a database. A Key store must contain a key pair with a certificate signed by a trusted Certification Authority (CA). A CA is an entity trusted by all parties participating in a secure communication. This entity will certify the trusted party's public keys by signing them. Since the certificate authority is a trusted one, it will accept the public key certificates signed by that particular CA as trusted.

The WSO2 Governance Registry allows Adding Key stores, Viewing Key stores, Import certificates for Key Stores and Deleting Keystores.

The main reasons for WSO2 keystore management UI, is to provide a UI and API to manage keystores. In Carbon servers, these APIs are mainly used for applying Web service security. This UI helps users to add keystores that can be used for WS-Security scenarios. When you are applying ws-security for Web services using the management console, you can select a keystores for encryption/signing processes out of these uploaded keystores. This UI also helps you to manage certificates within keystores. Using the UI, you can view the content of the primary keystore of Carbon Server.

Apart from that, all the functions of keystore management UI have been exposed via APIs (also Web service API). As a result, if you are writing some custom extension to the Carbon servers (such as, ESB mediators) you can directly access these keystores using API. This helps you to manage keystores hiding a under line complexity. Basically you can use this web service API for third party applications to manage their keystores.

WSO2 Carbon keystore management provides the facility to manage multiple keystores. This functionality is bundled with the security management feature:

Name: WSO2 Carbon - Security Management Feature
Identifier: org.wso2.carbon.security.mgt.feature.group

This chapter contains the following information: