Step 1 Create a new keystore
There is a good blog post that explains the steps to create a new keystore: Hasini Gunasinghe's blog, "Installing a new keystore into WSO2 Carbon based products". Follow the first 3 steps there in order to create the new keystore.
Step 2 Change the configurations as per the new keystore
Now that you have added the new keystore to the {WSO2MB}/repository/resources/security folder, the next step is to change the configuration files. In WSO2 MB there are 3 configuration files that need to be edited.
- carbon.xml
- broker.xml
- catalina-server.xml
These files are located under the {WSO2MB}/repository/conf folder. Below are the snippets showing where each file needs to be amended.
carbon.xml
<KeyStore>
    <!-- Keystore file location -->
    <Location>${carbon.home}/repository/resources/security/mykeystore.jks</Location>
    <!-- Keystore type (JKS/PKCS12 etc.) -->
    <Type>JKS</Type>
    <!-- Keystore password -->
    <Password>mypkpassword</Password>
    <!-- Private Key alias -->
    <KeyAlias>mycert</KeyAlias>
    <!-- Private Key password -->
    <KeyPassword>mypkpassword</KeyPassword>
</KeyStore>
broker.xml
<amqp enabled="true">
    <bindAddress>0.0.0.0</bindAddress>
    <defaultConnection enabled="true" port="5672" />
    <sslConnection enabled="true" port="8672">
        <keyStore>
            <location>repository/resources/security/mykeystore.jks</location>
            <password>mypkpassword</password>
        </keyStore>
        <trustStore>
            <location>repository/resources/security/client-truststore.jks</location>
            <password>wso2carbon</password>
        </trustStore>
    </sslConnection>
    <maximumRedeliveryAttempts>10</maximumRedeliveryAttempts>
    <allowSharedTopicSubscriptions>true</allowSharedTopicSubscriptions>
    <!-- Refer repository/conf/advanced/qpid-config.xml for further AMQP-specific configurations. -->
</amqp>
<mqtt enabled="true">
    <bindAddress>0.0.0.0</bindAddress>
    <defaultConnection enabled="true" port="1883" />
    <sslConnection enabled="true" port="8883">
        <keyStore>
            <location>repository/resources/security/mykeystore.jks</location>
            <password>mypkpassword</password>
        </keyStore>
        <trustStore>
            <location>repository/resources/security/client-truststore.jks</location>
            <password>wso2carbon</password>
        </trustStore>
    </sslConnection>
</mqtt>
catalina-server.xml
Navigate to the <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" ...> section and set the new keystore file name and password as shown below.
keystoreFile="${carbon.home}/repository/resources/security/mykeystore.jks"
keystorePass="mypkpassword"
That is it. Now that you have configured the new keystore, the warning shown below, which was printed while the default keystore was in use, should no longer appear at server startup.
[2015-11-01 13:10:31,953] WARN {org.wso2.carbon.core.bootup.validator.util.ValidationResultPrinter} - Carbon is configured to use the default keystore (wso2carbon.jks). To maximize security when deploying to a production environment, configure a new keystore with a unique password in the production server profile.
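To check the edits before restarting the server, here is an added Python lint (not part of the original post or of WSO2) that reproduces the condition behind that startup warning over the carbon.xml and broker.xml fragments shown above; the fragments are constructed inline from this page, and the check also covers the trustStore entries, whose password the snippets above still leave at the default.

```python
import xml.etree.ElementTree as ET

DEFAULT_FILE = "wso2carbon.jks"   # the stock store the validator warns about
DEFAULT_PASSWORD = "wso2carbon"   # default password of the stock stores

# Constructed fragments copied from the snippets above (not real config files).
CARBON_XML = """<Server><KeyStore>
  <Location>${carbon.home}/repository/resources/security/mykeystore.jks</Location>
  <Password>mypkpassword</Password>
</KeyStore></Server>"""

BROKER_XML = """<broker><amqp enabled="true">
  <sslConnection enabled="true" port="8672">
    <keyStore><location>repository/resources/security/mykeystore.jks</location>
              <password>mypkpassword</password></keyStore>
    <trustStore><location>repository/resources/security/client-truststore.jks</location>
                <password>wso2carbon</password></trustStore>
  </sslConnection>
</amqp></broker>"""


def check_store(name, location, password):
    """Findings for one keystore/truststore entry (empty list means clean)."""
    findings = []
    if location is None or location.endswith(DEFAULT_FILE):
        findings.append(f"{name}: still points at the default {DEFAULT_FILE}")
    if password == DEFAULT_PASSWORD:
        findings.append(f"{name}: still uses the default password")
    return findings


def lint_carbon(xml_text):
    """Check the <KeyStore> block of carbon.xml."""
    ks = ET.fromstring(xml_text).find("KeyStore")
    return check_store("carbon.xml KeyStore", ks.findtext("Location"), ks.findtext("Password"))


def lint_broker(xml_text):
    """Check every enabled <sslConnection> (amqp, mqtt, ...) in broker.xml."""
    findings = []
    for transport in ET.fromstring(xml_text):
        ssl = transport.find("sslConnection")
        if ssl is None or ssl.get("enabled") != "true":
            continue
        for store in ("keyStore", "trustStore"):
            el = ssl.find(store)
            if el is not None:
                findings += check_store(f"broker.xml {transport.tag} {store}",
                                        el.findtext("location"), el.findtext("password"))
    return findings


if __name__ == "__main__":
    for finding in lint_carbon(CARBON_XML) + lint_broker(BROKER_XML):
        print("WARN", finding)
```

Run against the fragments above it reports only the AMQP trustStore password; point the two constants at the real files under {WSO2MB}/repository/conf to lint an actual installation.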