WSO2 uses JKS type keystores as the default keystores, which use SHA1, which is no longer considered secure. Furthermore, JKS keystores are not FIPS compliant [1].
To use PKCS12 keystores, the following configs can be used in the deployment.toml
[1] https://docs.oracle.com/en/middleware/fusion-middleware/weblogic-server/12.2.1.4/secmg/fips.html#GUID-8191241C-B9A7-4D41-82B6-BC92AC3BD425
Describe the improvement: Primary keystore and truststore will use PKCS12 type keystores
Additional context: To convert an existing JKS keystore to PKCS12, the following command can be used
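An added example, not part of the original issue or of WSO2's code: a post-migration check that classifies keystore files by their header bytes, so a JKS file that was only renamed to `.p12` is caught. The file names and sample byte strings are constructed for illustration.

```python
import struct
import tempfile
from pathlib import Path

JKS_MAGIC = 0xFEEDFEED    # header magic of the JKS format
JCEKS_MAGIC = 0xCECECECE  # header magic of the JCEKS format
KEYSTORE_EXTS = {".jks", ".p12", ".pfx", ".keystore"}


def detect_keystore_type(data: bytes) -> str:
    """Classify a keystore by its leading bytes, ignoring the file extension."""
    if len(data) >= 8:
        magic, version = struct.unpack(">II", data[:8])
        if magic == JKS_MAGIC and version in (1, 2):
            return "JKS"
        if magic == JCEKS_MAGIC:
            return "JCEKS"
    # PKCS#12 (PFX) is an ASN.1 SEQUENCE whose first element is INTEGER 3.
    if len(data) >= 2 and data[0] == 0x30:
        first = data[1]
        # Short or indefinite length uses one byte; long form adds (first & 0x7F) bytes.
        body = 2 if first <= 0x80 else 2 + (first & 0x7F)
        if data[body:body + 3] == b"\x02\x01\x03":
            return "PKCS12"
    return "UNKNOWN"


def audit_keystores(directory: str) -> dict:
    """Map each keystore-like file in `directory` to its detected type."""
    return {p.name: detect_keystore_type(p.read_bytes()[:16])
            for p in sorted(Path(directory).iterdir())
            if p.is_file() and p.suffix.lower() in KEYSTORE_EXTS}


# Constructed sample headers (not real keystores).
SAMPLE_JKS = struct.pack(">III", JKS_MAGIC, 2, 1)            # magic, version 2, 1 entry
SAMPLE_P12 = bytes.fromhex("30820a10020103") + b"\x30\x82"   # SEQUENCE { INTEGER 3, ...

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        Path(d, "primary.p12").write_bytes(SAMPLE_JKS)     # renamed, never converted
        Path(d, "truststore.p12").write_bytes(SAMPLE_P12)  # actually PKCS12
        for name, kind in audit_keystores(d).items():
            status = "ok" if kind == "PKCS12" else "NOT PKCS12"
            print(f"{name}: {kind} ({status})")
```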