How to import the Public Certificate of one WSO2 product to the trust store of another?

To demonstrate this point, I will use the 2 products WSO2 API Manager 2.1.0 (referred as APIM from here onwards) and WSO2 Enterprise Integrator 6.1.1 (referred as EI from here onwards).

When using EI as the Business Process Server during configuration of Workflows in APIM, one step to perform is to import the public certificate of EI to the truststore of APIM[1]. So now let's see how this can be done.

Step 1:

Go to <EI_HOME>/repository/resources/security/ folder and execute the following keytool command.


This command is used to export the public certificate of EI as a certificate file called wso2carbon.cer.

Since the default keystore in EI is wso2carbon.jks, we have specified it as the keystore and the default alias is wso2carbon.

Provide wso2carbon as the keystore password when prompted as it is the default password.

After executing the above command from within the security folder in EI, you will see that a file with the name of wso2carbon.cer is created inside the same folder.

Step 2:

Now go to <APIM_HOME>/repository/resources/security/ folder.

You can either copy the wso2carbon.cer file created in Step 1 to the APIM security folder and execute the below command or you can just refer to this certificate file by giving the correct path in the command.


This command is used to import the wso2carbon.cer public certificate to the client trust store of APIM.

Note that the alias is now wso2carbon1, and not wso2carbon. Since an entry with the same alias already exists by default in the client-truststore.jks of APIM, we are going to import the certificate of EI to APIM with a different alias.

Accept the certificate when prompted.

Now you have successfully imported the public certificate of one WSO2 product into the trust store of another.

[1]
https://docs.wso2.com/display/AM210/Adding+an+API+Subscription+Workflow

Cheers!