Importing Certificates to the API Microgateway Truststore¶
For signature validation of JWTs, you need to add the public certificate of the Identity Provider to the truststore of the API Microgateway. Follow the steps given below to import the certificate.
-
Convert the public certificate to a PEM format. For example,
openssl x509 -inform der -in public_certificate.cert -out certificate.pem -
Import the certificate to the truststore. The
ballerinaTruststore.p12resides in the generated distribution of the API Microgateway runtime and toolkit in the following locations.keytool -import -keystore <MGW_TOOLKIT_HOME>/lib/platform/bre/security/ballerinaTruststore.p12 -alias wso2carbonjwt -file certificate.pemNote
Do not unzip the platform.zip in
/lib/ manually. After you use any toolkit command such as micro-gw init petstore, it will be automatically unzipped with necessary contents.keytool -import -keystore <MGW_RUNTIME_HOME>/runtime/bre/security/ballerinaTruststore.p12 -alias wso2carbonjwt -file certificate.pemNote
Use the keytool that comes in JDK 8u60 or later.
Default Certificates and aliases in WSO2 Microgateway 3.2.0 Truststore¶
The default truststore of WSO2 Microgateway ballerinaTruststore.p12 already contains default public certificates of the following products under the following aliases.
| Product default certificate | Alias |
|---|---|
| WSO2 API Manager 2.6.0 | wso2apim |
| WSO2 API Manager 3.0.0 | wso2carbonnew |
| WSO2 API Manager 3.1.0 | wso2apim310 |
| WSO2 API Manager 3.2.0 | wso2apim310 |
| WSO2 Analytics 3.0.0 | wso2sp |