Manage Key Stores
A key store can be added, viewed and deleted using the management console of a WSO2 product.
Add Key Stores
Follow the instructions below to add a new Key store to a running Carbon instance.
1. Log on to the product's Management Console and select "Configure -> Key Stores."
2. The "Key Store Management" page appears. Click on the "Add New Key store" link.
3. Locate the Key store file you want to add in the "Add New Key store" page. Specify the "Key store Password," which points to the password required to access the private key.
For example,
4. Select "Key store Type" from the drop-down menu.
WSO2 Carbon supports two types of Keystores.
- JKS (Java Key Store) : It can read and store key entries and certificate entries. However, the key entries can store only private keys.
- PKCS12 (Public Key Cryptography Standards) : You can read a keystore in this format and can export the information from that keystore, but you cannot modify the keystore. This is used to import the certificates from different browsers into your Java keystore.
5. Click "Next."
6. In the next page, provide "Private Key Password" and click "Finish."
Note
Key store management functionality does not let you import an existing private key for which you already have a certificate.
Note
The default wso2carbon.jks Key store cannot be deleted.
Info
Currently it is required to have same password for both keystore and private key. This is due to a tomcat limitation.
View Key Stores
1. Log on to the product's Management Console select "Configure -> Key Stores."
2. In the "Key Store Management" page that appears, select the "View" link in the "Actions" column.
3. The "View Key Store" page shows information about the available certificates.
4. Click on the "Finish" button to go back to the "Key Store Management" page.
Delete Key Stores
If you do not need to use a Key store anymore, you can delete it from the "Key stores" list. Follow the instructions below to delete a Key store.
Note
You need to disable the security of the associated service before removing the service from the system to be able to remove a key store.
1. Log on to the product's Management Console and select "Configure -> Key Stores."
2. In the "Key Store Management" page that appears, click on the "Delete" link associated with a certain Key store.
3. Confirm your request.
Note
You can't undo this operation once performed.