[Download ] | [Documentation Home ] | [Release Note ]

Change the WSO2 WSAS Crypto Keys

WSO2 WSAS uses a key pair to enable HTTPS and to secure the user passwords within it.

When you use WSO2 WSAS in production, it is strongly recommended that you change the default keys that are shipped with it.

Step 1: Use the keytool utility available with the JDK to create a keystore containing the new keypair

It should be noted that the RSA algorithm must be used to generate the keypair and the alias of it must be "wso2wsas". The following command can be used to create the above keystore.

$ keytool -genkey -alias wso2wsas -keyalg RSA -keystore wso2wsas.jks -storepass wso2wsas

This will prompt a series of questions as shown below:

What is your first and last name?
  [Unknown]:  John Smith
What is the name of your organizational unit?
  [Unknown]:  Accounts
What is the name of your organization?
  [Unknown]:  ABC
What is the name of your City or Locality?
  [Unknown]:  Colombo
What is the name of your State or Province?
  [Unknown]:  Western
What is the two-letter country code for this unit?
  [Unknown]:  LK
Is CN=John Smith, OU=Accounts, O=ABC, L=Colombo, ST=Western, C=LK correct?
  [no]:  yes

Enter key password for <tungsten>
    (RETURN if same as keystore password):

Now you will see a file with the name "wso2wsas.jks" created in the location from which you executed the above command.

Now you can simply replace the WSO2WSAS_HOME/conf/wso2wsas.jks with this new wso2wsas.jks file that you just created.

Step 2: Reset the passwords of the users

Since the keypair is used to secure the passwords of the WSO2 WSAS users as well, we have to reset the passwords of all the users.

You must use the chpasswd utility provided with WSO2 WSAS to reset the passwords.

Please refer to the chpasswd documentation and make sure you set the password of the "admin" user first.

MISC: Changing the keystore name/location or keystore/key password(s)

If you want to change the keystore file name, location, keystore password, or the key password,

Running in Standalone Mode

Running in a Servlet Container