2
votes

Is it a good idea to use a common keystore for all WSO2EI profiles (ESB/BP/AN)?

For example, the trust-clients.jks file is used in each profile in <EI_HOME>/wso2/<PROFILE>/repository/resources/security

Is it OK to create a common security folder (e.g. /use/share/wso2/security) and then link each profile security folder to this location? And what could be the consequences of doing so?

Usually certificates might be required in all profiles, and this can help reduce the work of installing certificates in each profile.

Any thoughts?

Thanks.


2 Answers

1
votes

I don't think that is a problem.

However, when you generate the keystore, you will have to use the SAN extension to include all hostnames (ESB/BP/DSS, etc.). Otherwise, it can fail hostname validation when the cert's CN doesn't match the URL's hostname.

1
votes

Yes, there is no problem if you have one certificate for different WSO2 products; however, the requirement will be that all the WSO2 products reside on the same machine, which means that the hostname should remain the same. If the hostname is not the same, then you will get a hostname failed error from the certificate, as while creating the certificate you normally mention the hostname.
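Both answers above come down to hostname validation against the one certificate in the shared keystore. The following is an added example, not part of either answer or of WSO2's code: a pre-deployment check that reports which profiles a certificate's names would not cover, using RFC 6125-style matching. The hostnames, profile map and function names are constructed for illustration.

```python
# Added example: hostnames and names below are constructed, not from the thread.

def matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match of one certificate DNS name against a hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # a wildcard never spans several labels
    if p[0] == "*":
        # wildcard only as the complete left-most label, and never "*.com"
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def names_checked(cn: str, san_dns: list[str]) -> list[str]:
    """Names a verifier compares: SAN dNSName entries, the CN only if there are none."""
    return list(san_dns) if san_dns else [cn]


def uncovered(cn: str, san_dns: list[str], hosts: dict[str, str]) -> dict[str, str]:
    """Return {profile: hostname} for every profile the certificate does not cover."""
    names = names_checked(cn, san_dns)
    return {profile: host for profile, host in hosts.items()
            if not any(matches(n, host) for n in names)}


# Constructed sample: one hostname per EI profile sharing the keystore.
PROFILE_HOSTS = {
    "ESB": "esb.ei.example.com",
    "BP": "bp.ei.example.com",
    "AN": "analytics.ei.example.com",
}

if __name__ == "__main__":
    # Certificate with only a CN: covers the ESB profile and nothing else.
    print(uncovered("esb.ei.example.com", [], PROFILE_HOSTS))
    # SAN lists two hosts; the CN is ignored once a SAN is present.
    print(uncovered("analytics.ei.example.com",
                    ["esb.ei.example.com", "bp.ei.example.com"], PROFILE_HOSTS))
    # SAN with every profile hostname, as the first answer recommends.
    print(uncovered("esb.ei.example.com",
                    list(PROFILE_HOSTS.values()), PROFILE_HOSTS))
```

An empty result means every profile hostname is covered, so the same keystore can be linked into each profile's security folder without hostname validation failures.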