Hi Devs, Currently we are setting wso2carbon.jks as the default trust-store in a Carbon instance. This is set during the server startup inside the CarbonServerManager class.
IMO, it should be client-truststore.jks which should be set as the default trust-store in Carbon while treating wso2carbon.jks only as the primary key store. Usually users manage their primary key stores separately from the trust store. But with the current implementation, they have to import some of certificates to the primary key store to get certain scenarios working. Also for transports, we are using wso2carbon.jks as the key store while using client-truststore.jks as the trust-store. So it will be more consistent to use client-truststore.jks as the system wide trust store instead of the wso2carbon.jks. To make this change, we have to add a new configuration element to the carbon.xml similar to the existing key store configuration. Let us know your feedback on this. Thanks, Thilina -- Thilina Buddhika Senior Software Engineer WSO2 Inc. ; http://wso2.com lean . enterprise . middleware phone : +94 77 44 88 727 blog : http://blog.thilinamb.com
_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
