d setup wso2 password#
To generate a correct PFX file you will need to use the following command, if correctly executed it will ask for a password twice, don’t forget whatever you decide to use as a password as you will need it later! openssl pkcs12 -export -in .crt -inkey .key -name "" -certfile -certfile -out .pfx We used an openssl prompt for this part of the process, you can open it in command line by typing “openssl”. pfx file with the collected certificates and key.įirst you must export certificates to the PKCS12/PFX format. We will describe these steps in more detail below.īefore we can create a keystore we will have to create a.
So the intermediaries we need are the COMODO RSA Certification authority cert and the Comodo Rsa Organization Validation Secure Server ca. When you open the intermediaries you can find the exact name of the certificate you will need to find. Here you can see the signed wildcard certificate (*.) and the two intermediary certificates in the chain. In case of the root certificate this one is not listed and is most likely already embedded in the system you’re using, if you’re not sure it shouldn’t break anything to add this one too. Comodo RSA Certification Authority certificate.Comodo RSA Organization Validation Secure Server ca certificate.When selected they will show the names of the intermediary certificates you’ll need: This is the tab you need to see the certificate chain, you can see that the clients wildcard certificate is the one currently selected.Ībove the current certificate there are two other certificates listed, these are the intermediary certificates within the certificate chain. To find out which ones you need you will have to open the valid certificate and open the below window. These can be downloaded from the company’s website (In this case I’ve used a comodo certificate ) The intermediary and root certificates provided by the trust company who signed the valid certificate.The Certificate private key, usually acquired from your company’s system administrator.A valid certificate, usually acquired from your company’s system administrator.Before we start we will need to collect a few things. We assume that you have a working WSO2 product, e.g. For more information we direct you to the internet. Keep in mind that you will need to offer proof of ownership or control over the website that you want the certificate for.
d setup wso2 full#
There are some organizations that offer free 90 days certificates if you want to try it out and not directly shell out money for a full certificate. Mind you that certificates cost money since a service (in this case trust) is offered. And you also get rid of these pesky messages about security inherent with self signed certificates. These are great for testing purposes but in a production environment you will of course want to change this keystore with a different one. This certificate will be used instead of the self-signed WSO2 certificates in the keystore. To set up HTTPS you will need a valid certificate to enable the WSO2 product to encrypt the connection.įor this tutorial I’ve used a wildcard certificate signed by a (trusted) Certificate authority. The certificate issued guarantees that the site is indeed who it claims to be.Ĭertificates in this sense are used to encrypt the secure https traffic to and from your WSO2 products. A certificate issued by them should be trusted since the trust relationship with CA’s is beyond discussion. Certificates are issued by a so called Certificate Authority like the companies Comodo or Symantec. Without going into too much detail, certificates work using a trust mechanism. This is a so called self-signed certificate and is deemed to be less secure then one from a Certificate authority. What you’ll find when you start up any WSO2 product is that the browser will balk on the certificate that is used to encrypt the connection.
WSO2 products can be downloaded from the WSO2 website, installed in a matter of seconds after which you can try out the software.