This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

XKMS Configuration

A built-in XKMS trust web service can be used to simplify key management. If XKMS settings are obsolete, you can update them easily.

Follow the instructions below to view and update XKMS configuration in WSO2 Identity Server.

1. Sign in. Enter your user name and password to log on to the Management Console.

2. Click the "Configure" button to access the "Configure" menu.

3. From the "Configure" menu, select "XKMS."

4. The "XKMS Configuration" page appears. Here you can see the current XKMS configuration.

  • Server authentication code - Specifies the authentication code used to authenticate client requests.
  • Key store location - Specifies the location of the Java key store to be used as the key store of the XKMS service.
  • Key store password - Specifies the password of the above key store.
  • Server certificate alias - Specifies the alias of the XKMS server certificate used to sign all outgoing XKMS messages.
  • Server key password - Specifies the private key password of the service used to sign all outgoing XKMS messages.
  • Issuer certificate alias - Specifies the alias of the issuer's certificate which will be used as the issuer certificate when generating certificates for public keys specified in Register requests.
  • Issuer key password - Specifies the password for the issuer's private key. This will be used when generating certificates for public keys specified in Register requests.
  • Default expiration interval - Specifies the default validity interval of generated certificates. The client can request to limit the validity period to an interval that is shorter than the default period, but cannot increase it to an interval longer than the default period.
  • Default private key password - Specifies the password to be used to store server-generated private keys.
  • Enable persistence- Sets the flag to enable persistence. If set, it will persist the Java key store when the keys are uploaded.
    • true
    • false

WSO2 Carbon XKMS Configuration

The Default Configuration Values

  • Server authentication code: secret
  • Key store location: keystore.jks
  • Key store password: password
  • Server certificate alias: bob
  • Server key password: password
  • Issuer certificate alias: alice
  • Issuer key password: password
  • Default expiration interval: 365
  • Default private key password: testing
  • Enable persistence: true

5. Update the necessary options and click on the "Update" button.