WSO2 application server 5.1.0 - implications of keys and keystores?

Question

The WSO2 Application Server wiki documentation describes how to manage keys and keystore: wiki link.

However, the documentation does not describe WHY or WHEN you would manage the keys and keystores using the Carbon UI.

The Carbon user interface https transport configuration points directly to:

%CARBON_HOME%\repository\resources\security\wso2carbon.jks
%CARBON_HOME%\repository\resources\security\client-truststore.jks

The ws-security sample %CARBON_HOME%\samples\Jaxws-Jaxrs\ws_security\sign_encrypt uses keystores in the ws-security samples folders (.src\main\resources\keystore\*.jks)

So the above keystores and truststores aren't managed using the Carbon UI.

So my question is: WHY and WHEN is the Carbon keystore management UI used?

Answer 1

If you are interested in use cases on keys stores, one thing you can do is search in the doc content. That will give up the scenarios where key stores used. Hope this helps. http://goo.gl/wNATM

Answer 2

Main reasons for WSO2 keystore management UI is to provide a UI and API to manage key stores. In carbon servers, these APIs are mainly used for applying web service security.

This UI helps users to add keystores that can be used for WS-Security scenarios. When you are applying ws-security for web services using management console, you can select a keystores for encryption/signing processes out of these uploaded key stores. Also this UI helps you to manage certificate within key store.

Also Using UI, you can view the contain of the primary key store of carbon server.

Apart from that, all the functions of keystore management UI have been exposed via APIs (also web service API). Therefore if you are writing some custom extension to Carbon servers (such as ESB mediators).. you can directly access these keystores using API. This helps you to manage keystores hiding a under line complexity. Basically you can use this web service API for 3rd party applications to manage their keystores.