Wednesday, January 29, 2014

Import SSL Certificate to WSO2 Identity Server

This post shows how to import an SSL certificate into WSO2 Identity Server and configure the server to use it.

1) Import your certificate into wso2carbon.jks with the following keytool command:
keytool -importkeystore -srckeystore <YOUR_KEY_STORE> -destkeystore wso2carbon.jks -srcstoretype <YOUR_KEY_STORE_TYPE> -deststoretype jks -srcstorepass <PASSWORD> -deststorepass wso2carbon 

2) In WSO2 IS, you cannot have two private keys, so you have to delete the wso2carbon private key. You can do that with the following command:
keytool -delete -alias wso2carbon -keystore wso2carbon.jks -storepass wso2carbon 

3) In WSO2 IS, the wso2carbon.jks password and your private key password must be the same; otherwise the server gives an error. The current wso2carbon.jks password is "wso2carbon". If your private key password is different, you have to change the keystore password. You can change the wso2carbon.jks password with the following command:
keytool -storepasswd -keystore wso2carbon.jks 

4) Do not import your private key into client-truststore.jks; that is incorrect. Import your public key instead. To do that, export your public key from wso2carbon.jks and import it into client-truststore.jks with the following commands:

keytool -export -keystore wso2carbon.jks -alias <YOUR_ALIAS> -file test.cer 
keytool -import -alias <YOUR_ALIAS> -file test.cer -keystore client-truststore.jks 

5) After that, edit the carbon.xml and identity.xml files with your new certificate settings. You can find those files in <CARBON_HOME>/repository/conf.

In carbon.xml, under the <Security> tag, you can find <KeyStore>. In that <KeyStore> block, change the Password, KeyAlias and KeyPassword values according to your settings.

In identity.xml, under <EntitlementSettings>, you can find the <ThirftBasedEntitlementConfig> tag. Change the Password attribute according to your settings.

After completing the above steps, start the server.
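
Before starting the server, the result of steps 2 and 4 can be checked from `keytool -list` output. The script below is an added example, not part of the original post: it confirms that the keystore holds exactly one private key under your alias and that the truststore holds a certificate with the same fingerprint. The alias "myalias", the script name check.sh and the sample listings are constructed placeholders.

```shell
#!/bin/sh
# Added example: consistency checks for steps 2 and 4, run on `keytool -list` text.
# "myalias" and both sample listings are constructed placeholders.

# Count private-key entries in a listing read from stdin.
count_private_keys() { grep -c 'PrivateKeyEntry' || true; }

# Print the certificate fingerprint listed for alias $1 (listing on stdin).
fingerprint_of() {
    awk -v a="$1" '
        index($0, a ", ") == 1 { hit = 1; next }  # entry line "<alias>, <date>, <type>,"
        hit && /fingerprint/   { sub(/^[^:]*: */, ""); print; exit }
        { hit = 0 }'
}

# $1 = alias, $2 = keystore listing, $3 = truststore listing.
# Succeeds only if the keystore holds exactly one private key, under $1, and the
# truststore holds a certificate under $1 with the same fingerprint.
check_listings() {
    n=$(printf '%s\n' "$2" | count_private_keys)
    [ "$n" -eq 1 ] || { echo "expected 1 private key, found $n" >&2; return 1; }
    printf '%s\n' "$2" | grep -q "^$1, .*PrivateKeyEntry" ||
        { echo "alias $1 is not the private key entry" >&2; return 1; }
    ks=$(printf '%s\n' "$2" | fingerprint_of "$1")
    ts=$(printf '%s\n' "$3" | fingerprint_of "$1")
    { [ -n "$ks" ] && [ "$ks" = "$ts" ]; } ||
        { echo "truststore certificate for $1 is missing or differs" >&2; return 1; }
}

SAMPLE_KS='Keystore type: JKS
Your keystore contains 1 entry

myalias, Jan 29, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD'
SAMPLE_TS='otherca, Jan 29, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): 01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14
myalias, Jan 29, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD'

# Real use: sh check.sh <alias> wso2carbon.jks client-truststore.jks
# keytool prompts for each store password, keeping it off the command line.
if [ "$#" -eq 3 ]; then
    check_listings "$1" "$(keytool -list -keystore "$2")" \
        "$(keytool -list -keystore "$3")" && echo "stores are consistent"
else
    check_listings myalias "$SAMPLE_KS" "$SAMPLE_TS" && echo "sample listings pass"
fi
```

JKS keystores store aliases in lowercase, so pass the alias in lowercase when running the check against real files.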