Creating New Keystores for WSO2 products

Asara kumarasena
3 min read · Jun 25, 2021


WSO2 Carbon-based products ship with a default keystore named wso2carbon.jks, stored in the <PRODUCT_HOME>/repository/resources/security directory. This keystore holds a private/public key pair that is used for every purpose: encrypting sensitive information, communicating over SSL, and encrypting and signing messages in WS-Security. You can either use one new keystore for all of these purposes or create a separate keystore for each purpose.

In this post, I’m going to discuss how to create new keystores with new (self-signed) certificates, and how to export their public certificates and import them into each other. I’m using the keytool utility that ships with the JDK.

Let’s assume we need to create two keystores: a Backend keystore (newkeystore.jks) and a Frontend keystore (newkeystore1.jks).

Step 1: Create the Backend keystore with a new certificate

keytool -genkey -alias wso2carbon -keyalg RSA -keysize 2048 -keystore newkeystore.jks -dname "CN=asara.org, OU=Home,O=Home,L=SL,S=WS,C=LK" -storepass wso2carbon -keypass wso2carbon

This command creates a keystore with the following details:

  • Keystore name: newkeystore.jks
  • Alias of public certificate: wso2carbon
  • Keystore password: wso2carbon
  • Private key password: wso2carbon (this is required to be the same as the keystore password)

Step 2: Export the public certificate of the Backend keystore

keytool -export -alias wso2carbon -keystore newkeystore.jks -file wso2carbon.pem

Step 3: Create the Frontend keystore with a new certificate

keytool -genkey -alias wso2carbon1 -keyalg RSA -keysize 2048 -keystore newkeystore1.jks -dname "CN=wso2.com, OU=Home,O=Home,L=SL,S=WS,C=LK" -storepass wso2carbon -keypass wso2carbon

This command creates a keystore with the following details:

  • Keystore name: newkeystore1.jks
  • Alias of public certificate: wso2carbon1
  • Keystore password: wso2carbon
  • Private key password: wso2carbon (this is required to be the same as the keystore password)

Step 4: Export the public certificate of the Frontend keystore

keytool -export -alias wso2carbon1 -keystore newkeystore1.jks -file wso2carbon1.pem

Step 5: Import the public certificate of the Backend keystore into the Frontend keystore

keytool -import -alias backend -file wso2carbon.pem -keystore newkeystore1.jks -storepass wso2carbon

Here, the imported public certificate is stored in the Frontend keystore under the alias backend.

Step 6: Import the public certificate of the Frontend keystore into the Backend keystore

keytool -import -alias frontend -file wso2carbon1.pem -keystore newkeystore.jks -storepass wso2carbon

Here, the imported public certificate is stored in the Backend keystore under the alias frontend.

💠 Now you can view and list the certificates in each keystore with the keytool commands below.

keytool -list -v -keystore newkeystore.jks

The output will be like this.

keytool -list -v -keystore newkeystore1.jks

The output will be like this.
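As an added example (not part of the original post), the following Java program verifies the result of Steps 1 to 6 programmatically instead of reading the keytool listing by eye: it loads both keystores, confirms that each private key opens with the keystore password (the WSO2 requirement noted above), checks that each certificate is currently valid, and checks that the trusted entry in each keystore is byte-for-byte the certificate behind the other keystore's key entry. It assumes the two files are in the current directory with the aliases and passwords used above; the class name KeystoreCrossTrustCheck is my own.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;

public class KeystoreCrossTrustCheck {

    // "JKS" also opens PKCS12 files thanks to keystore.type.compat, so this works
    // whether keytool produced a real JKS (JDK 8) or a PKCS12 named .jks (JDK 9+).
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        return ks;
    }

    // True only if trustAlias in 'truster' is a trusted-certificate entry whose DER
    // encoding equals the certificate behind the private-key entry keyAlias in 'owner'.
    static boolean trusts(KeyStore truster, String trustAlias,
                          KeyStore owner, String keyAlias) throws Exception {
        Certificate trusted = truster.getCertificate(trustAlias);
        Certificate owned = owner.getCertificate(keyAlias);
        return trusted != null && owned != null
            && truster.isCertificateEntry(trustAlias)
            && owner.isKeyEntry(keyAlias)
            && Arrays.equals(trusted.getEncoded(), owned.getEncoded());
    }

    // Fails loudly on the two mistakes that surface later as opaque SSL/WS-Security errors.
    static void checkKeyEntry(KeyStore ks, String keyAlias, char[] storePw) throws Exception {
        X509Certificate cert = (X509Certificate) ks.getCertificate(keyAlias);
        cert.checkValidity();            // throws if expired: keytool's default -validity is only 90 days
        ks.getKey(keyAlias, storePw);    // throws UnrecoverableKeyException if key password != store password
        int bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength();
        System.out.printf("%s: %s, %d-bit RSA, valid until %s%n",
                keyAlias, cert.getSubjectX500Principal(), bits, cert.getNotAfter());
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "wso2carbon".toCharArray();
        KeyStore backend = load("newkeystore.jks", pw);
        KeyStore frontend = load("newkeystore1.jks", pw);
        checkKeyEntry(backend, "wso2carbon", pw);
        checkKeyEntry(frontend, "wso2carbon1", pw);
        boolean ok = trusts(frontend, "backend", backend, "wso2carbon")
                  && trusts(backend, "frontend", frontend, "wso2carbon1");
        System.out.println(ok ? "cross-trust OK" : "cross-trust BROKEN");
        if (!ok) System.exit(1);
    }
}
```

Run it from the directory holding the two keystores (javac KeystoreCrossTrustCheck.java && java KeystoreCrossTrustCheck); a non-zero exit means one of the imports in Step 5 or 6 did not land under the expected alias.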

You can find the above keystores and certificates at this link.

That’s All! 😃
