Adding a CA-signed certificate to WSO2 UES

Many users prefer to install a CA-signed certificate into the product in order to make it more secure.

You will get the root certificate, the intermediate certificates and the domain certificate from the CA.


Then what you have to do is import these certificates, in the following order, into the keystore file on which -genkeypair and -certreq were run (wso2carbon.jks).

keytool -importcert -keystore wso2carbon.jks -file AddTrustExternalCARoot.crt -alias somealias1 -trustcacerts
keytool -importcert -keystore wso2carbon.jks -file COMODORSAAddTrustCA.crt -alias somealias2
keytool -importcert -keystore wso2carbon.jks -file COMODORSADomainValidationSecureServerCA.crt -alias somealias3
keytool -importcert -keystore wso2carbon.jks -file demo_site_domain.crt -alias wso2carbon

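The response to the last command should be

Certificate reply was installed in keystore

and not

Certificate was added to keystore

The second message means keytool stored the file as a separate trusted certificate entry instead of attaching it to the private key, which happens when the alias in this keystore does not hold the key pair created with -genkeypair.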

Then copy the wso2carbon.jks to UES_HOME/repository/resources/security and it will replace the existing wso2carbon.jks file.

Then change the Password and KeyPassword found in the following classes to the one you used.


Then restart the server. If it doesn't complain about any password issue, you have successfully configured the new keystore with the CA-signed certificate.
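
Before copying the keystore into UES_HOME, you can confirm that the wso2carbon alias really holds the private key with the full chain. The check below is an added example, not part of the original post: it parses `keytool -list -v` output, and the function names and the two sample listings are constructed for illustration (a chain length of 4 assumes the four files imported above).

```shell
#!/bin/sh
# Added example. Reads `keytool -list -v` output on stdin and checks one alias.
# Exit 0: alias is a PrivateKeyEntry with at least $2 certificates in its chain.
# Exit 1: alias exists but is a trusted-cert entry or its chain is too short.
# Exit 2: alias not found in the listing.
# Real use: keytool -list -v -keystore wso2carbon.jks | check_key_entry wso2carbon 4
check_key_entry() {
    awk -v want="$1" -v min="$2" '
        /^Alias name: /               { cur = substr($0, 13); next }
        cur != want                   { next }
        /^Entry type: /               { type = substr($0, 13) }
        /^Certificate chain length: / { len = substr($0, 27) + 0 }
        END {
            if (type == "") exit 2
            if (type != "PrivateKeyEntry" || len < min) exit 1
            exit 0
        }'
}

# Constructed listing: state after "Certificate reply was installed in keystore".
sample_reply_installed() {
    cat <<'EOF'
Alias name: somealias1
Creation date: Jan 1, 2020
Entry type: trustedCertEntry

Alias name: wso2carbon
Creation date: Jan 1, 2020
Entry type: PrivateKeyEntry
Certificate chain length: 4
EOF
}

# Constructed listing: state after "Certificate was added to keystore".
sample_added_as_trusted() {
    cat <<'EOF'
Alias name: wso2carbon
Creation date: Jan 1, 2020
Entry type: trustedCertEntry
EOF
}

for s in sample_reply_installed sample_added_as_trusted; do
    if $s | check_key_entry wso2carbon 4; then echo "$s: key entry with full chain"
    else echo "$s: NOT a key entry with full chain"; fi
done
```

A PrivateKeyEntry with a chain length of 1 is the still self-signed key pair, so the minimum chain length catches a reply that was never installed.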