How To Change WSO2 WSAS for Java, v1.1 Crypto Keys

WSO2 WSAS for Java uses a keypair to enable HTTPS and to secure the user passwords within it.

When you use WSO2 WSAS in production its STRONGLY recommended that you change the default keys that are shipped with it.

Step 1: Use the keytool utility available with the JDK to create a keystore containing the new keypair.

It should be noted that the RSA algorithm must be used to generate the key pair and the alias of it must be "wso2wsas". The following command can be used to create the above keystore

$ keytool -genkey -alias wso2wsas -keyalg RSA -keystore wso2wsas.jks -storepass wso2wsas

This will prompt for a series of questions as shown below:

What is your first and last name?
  [Unknown]:  John Smith
What is the name of your organizational unit?
  [Unknown]:  Accounts
What is the name of your organization?
  [Unknown]:  ABC
What is the name of your City or Locality?
  [Unknown]:  Colombo
What is the name of your State or Province?
  [Unknown]:  Western
What is the two-letter country code for this unit?
  [Unknown]:  LK
Is CN=John Smith, OU=Accounts, O=ABC, L=Colombo, ST=Western, C=LK correct?
  [no]:  yes

Enter key password for 
        (RETURN if same as keystore password):

Now you will see a file with the name "wso2wsas.jks" created in the place where you executed the above command.

Now you can simply replace the WSO2WSAS_HOME/conf/wso2wsas.jks with this new wso2wsas.jks file that you just created.

Step 2: Reset passwords of the users

Since this keypair is used to secure the passwords of WSO2 WSAS users as well, now we have to reset the passwords of all users.

You MUST use the chpasswd utility provided with WSO2 WSAS to reset passwords.

Please refer to the chpasswd documentation and make sure you set the password of the "admin" user first.

MISC: Changing the keystore name/location or keystore/key password(s)

If you want to change the keystore file name, location, keystore password or the key password :

Standalone Edition

Servlet Edition