Say your self-signed certificate has expired and you want to renew it while keeping the same private key. Let's try it out as follows. Step 1: Find the PrivateKeyEntry of the expired keystore (wso2carbon.jks) >keytool -list -keystore wso2carbon.jks | grep PrivateKeyEntry It is listed under the alias “wso2carbon”. Let's list the certificate […]
Category: KeyStore Management
A KeyStore is a repository of security certificates that contains private keys and trusted certificates.
Let's discuss how you can properly configure KeyStores in WSO2 products. There are two main keystores in all products. In 4.2.X products, these are the Primary KeyStore, which is used for SSL, and the Registry KeyStore, which is used for data encryption and decryption. You can find both KeyStore configurations in the /repository/conf/carbon.xml file. By default, the same […]
As you know, WSO2 Identity Server can be run in a multi-tenant environment. When you create a tenant in Identity Server, it automatically generates a primary keystore for the tenant. But this keystore is self-signed with a defined CN name. Therefore, this primary keystore needs to be changed, as it is used […]
In my previous posts, we talked about securing a BE service with WSO2ESB. But there are some issues with the way we configured it when it comes to production developments. In this blog post, we try to overcome them. OK, let's see what happened in the previous blog posts. 1. This post: we discussed how […]
When you are working with Java applications and Java-based servers, you may need to configure a Java keystore (JKS) file. A self-signed keystore can easily be created with the keytool command. But if you have a private key and a CA-signed certificate for it, you cannot create a keystore with just […]
When your keystore is compromised, you must change its password… Also, when you are using or testing IDM products that are shipped with default keystores, it is always better to change the default passwords before using them. Passwords of JKS files can easily be changed using the Java keytool command, as follows… Use the following keytool command to change the keystore password […]
I have seen that, in most cases, you may need to retrieve the X509 certificate as <ds:X509Certificate> data. <ds:X509Certificate> data can be seen in SOAP messages (SAML, WS-Security) that pass security information. You can easily retrieve X509Certificate data using the Java keytool command. If you want to retrieve X509Certificate data from a keystore file (JKS): keytool -export -keystore pathToKeystore -rfc […]