Keystore Management
Each user account in the Mashup Server has a keystore associated with it. (The primary admin's keystore is used for the system user.) This keystore is prepopulated with a list of trusted certificates, but it does not contain a private key. Hence a user must upload his private key to this keystore before performing any tasks that make use of it.
Managing private keys
Uploading a private key can be done by visiting https://localhost:7443/cert_manager.jsp, but first you need to get yourself a private key.
- If the user already has a keystore (JKS or PKCS12) which contains a private key, he could use that keystore to upload a private key to his keystore.
- The user can generate a private key for himself using the Java keytool that comes with the JDK, as follows:
keytool -genkey -alias keith -keystore keith.jks
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Keith Chapman
What is the name of your organizational unit?
[Unknown]: Mashup Server
What is the name of your organization?
[Unknown]: WSO2
What is the name of your City or Locality?
[Unknown]: Colombo
What is the name of your State or Province?
[Unknown]: Western
What is the two-letter country code for this unit?
[Unknown]: SL
Is CN=Keith Chapman, OU=Mashup Server, O=WSO2, L=Colombo, ST=Western, C=SL correct?
[no]: yes
Enter key password for <keith>
(RETURN if same as keystore password):
keith@keith:~$
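As an added example (not part of the Mashup Server documentation or code), the Python code below checks a JKS file before it is uploaded: it verifies the store's integrity digest against the password and reports whether each alias holds a private key or only a trusted certificate. The function names and the sample store are constructed for illustration; it assumes a version 2 JKS file with UTF-8 aliases and does not read PKCS12.

```python
import hashlib
import struct

def _field(buf, pos, fmt):
    """Read a length-prefixed field ('>H' or '>I'); return (bytes, next pos)."""
    (n,) = struct.unpack_from(fmt, buf, pos)
    start = pos + struct.calcsize(fmt)
    return buf[start:start + n], start + n

def _digest(password, body):
    # JKS keyed digest: SHA-1 over the UTF-16BE password, a fixed string, the body
    return hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + body).digest()

def jks_entries(data, password):
    """Verify the store digest, then return [(alias, kind)] for each entry."""
    body, digest = data[:-20], data[-20:]
    if _digest(password, body) != digest:
        raise ValueError("integrity check failed: wrong password or altered file")
    magic, version, count = struct.unpack_from(">III", body, 0)
    if magic != 0xFEEDFEED or version != 2:
        raise ValueError("not a version 2 JKS keystore")
    pos, entries = 12, []
    for _ in range(count):
        (tag,) = struct.unpack_from(">I", body, pos)
        alias, pos = _field(body, pos + 4, ">H")
        pos += 8  # skip the creation timestamp
        chain = 1  # tag 2: a single trusted certificate
        if tag == 1:  # tag 1: protected private key, then its certificate chain
            _, pos = _field(body, pos, ">I")
            (chain,) = struct.unpack_from(">I", body, pos)
            pos += 4
        elif tag != 2:
            raise ValueError(f"unknown entry tag {tag}")
        for _ in range(chain):
            _, pos = _field(body, pos, ">H")  # certificate type, e.g. "X.509"
            _, pos = _field(body, pos, ">I")  # encoded certificate
        entries.append((alias.decode(), "private key" if tag == 1 else "trusted cert"))
    return entries

def sample_store(password, with_key):  # constructed input: placeholder key/cert bytes
    def f(fmt, b):
        return struct.pack(fmt, len(b)) + b
    cert = f(">H", b"X.509") + f(">I", b"placeholder-cert")
    body = struct.pack(">III", 0xFEEDFEED, 2, 2 if with_key else 1)
    body += struct.pack(">I", 2) + f(">H", b"trustedca") + bytes(8) + cert
    if with_key:
        key = f(">I", b"placeholder-key") + struct.pack(">I", 1) + cert
        body += struct.pack(">I", 1) + f(">H", b"keith") + bytes(8) + key
    return body + _digest(password, body)
```

For a real file, pass `open("keith.jks", "rb").read()` and the keystore password to `jks_entries`; a store that lists only trusted certificates has no private key to upload.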

Usage of user keystores
The user's keystore will be used for the following purposes:
- As a truststore when accessing secured endpoints/pages/feeds.
- As a truststore when securing mashups (if the security policy used to secure a mashup requires users to sign the request, then for those requests to be valid the client's public certificate should be in the mashup author's keystore)
- As a truststore when calling secured mashups (if the service that you are calling needs the request to be encrypted, then for those requests to be valid the public certificate of the external service needs to be in the mashup author's keystore)
- To obtain the private key during signing (if the service that you are calling needs the request to be signed, the mashup author's private key will be used to sign these requests)
Managing certificates
As described above, a user's keystore is used in many scenarios, so it's important to be able to import certificates into your keystore. Users can manage their certificates by visiting https://localhost:7443/cert_manager.jsp. The dialogs to upload certificates won't be displayed until you upload your private key. Importing certificates can be done in two ways:
- By providing the URL of the site.
- By uploading the certificate as a file.
