External DataSources not working with secured WSO2

Posted 2019-09-13 09:02

Question:

The following is a sample dbs file, which is deployed as a data service in WSO2_DSS_3.2.2:

<data name="login" serviceNamespace="www.abc.com/services/security" transports="http https">
  <description>security service</description>
  <config id="a_security">
    <property name="carbon_datasource_name">sample-ds</property>
  </config>
  <query id="login" useConfig="a_security">
     ...
  </query>
  <operation name="login">
    <call-query href="login">
       ...
    </call-query>
  </operation>
  <resource method="POST" path="login">
     ...
  </resource>
</data>

sample-ds is set up from the management console (it's saved in the registry). This worked fine in a fresh DSS, but when I applied a certificate to the DSS, it gave the following error. I tried this with several fresh DSS copies, but the same happens when applying the certificate.

ERROR {org.wso2.carbon.ndatasource.core.DataSourceRepository} -  Error in updating data source [remove:false] at path '/repository/components/org.wso2.carbon.ndatasource/mdl-psm-ds': Error in updating data source 'mdl-psm-ds' from registry [remove:false]: Error in secure load of data source meta info: errorDuringDecryption
org.wso2.carbon.ndatasource.common.DataSourceException: Error in updating data source 'mdl-psm-ds' from registry [remove:false]: Error in secure load of data source meta info: errorDuringDecryption
        at org.wso2.carbon.ndatasource.core.DataSourceRepository.updateDataSource(DataSourceRepository.java:186)
        at org.wso2.carbon.ndatasource.core.DataSourceRepository.updateAllUserDataSource(DataSourceRepository.java:135)
        at org.wso2.carbon.ndatasource.core.DataSourceRepository.refreshAllUserDataSources(DataSourceRepository.java:115)
        at org.wso2.carbon.ndatasource.core.DataSourceRepository.initRepository(DataSourceRepository.java:92)
        at org.wso2.carbon.ndatasource.core.DataSourceManager.initTenant(DataSourceManager.java:92)
        at org.wso2.carbon.ndatasource.core.internal.DataSourceServiceComponent.initSuperTenantUserDataSources(DataSourceServiceComponent.java:189)
        at org.wso2.carbon.ndatasource.core.internal.DataSourceServiceComponent.checkInitTenantUserDataSources(DataSourceServiceComponent.java:180)
        at org.wso2.carbon.ndatasource.core.internal.DataSourceServiceComponent.setRegistryService(DataSourceServiceComponent.java:131)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)

Answer 1:

The reason is that the registry data related to the data source was encrypted with the previous key, and the server tries to decrypt it using the new key. To overcome this issue, you can reconfigure the datasource with the same name after the server has started up. The datasource passwords will then be encrypted again with the new certificate.
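
The key mismatch described in answer 1, reproduced with plain JCA as an added example (not part of the original answer and not WSO2 code). The two generated key pairs stand in for the old and new keystores; the class name, the cipher transformation and the sample password are assumptions made for the demo.

```java
import javax.crypto.Cipher;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Base64;

public class KeystoreRotationDemo {
    // Assumed transformation for the demo; not taken from any WSO2 configuration.
    private static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    static String encrypt(PublicKey key, String plain) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, key);
        return Base64.getEncoder().encodeToString(c.doFinal(plain.getBytes(StandardCharsets.UTF_8)));
    }

    static String decrypt(PrivateKey key, String stored) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.DECRYPT_MODE, key);
        return new String(c.doFinal(Base64.getDecoder().decode(stored)), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair oldKeystoreKey = gen.generateKeyPair(); // stands in for the original keystore
        KeyPair newKeystoreKey = gen.generateKeyPair(); // stands in for the newly applied certificate

        // Constructed sample secret, held as ciphertext the way a registry entry would hold it.
        String registryValue = encrypt(oldKeystoreKey.getPublic(), "constructed-db-password");

        // After the swap only the new private key is available, so the old entry is unreadable.
        try {
            decrypt(newKeystoreKey.getPrivate(), registryValue);
            System.out.println("unexpected: old entry decrypted with new key");
        } catch (GeneralSecurityException e) {
            System.out.println("new key cannot read old entry: " + e.getClass().getSimpleName());
        }

        // Saving the secret again encrypts it under the new key, which the server can then load.
        registryValue = encrypt(newKeystoreKey.getPublic(), "constructed-db-password");
        System.out.println("after re-save: " + decrypt(newKeystoreKey.getPrivate(), registryValue));
    }
}
```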



Answer 2:

If the main error is Caused by: org.wso2.carbon.core.util.CryptoException: A crypto service implementation has not been registered., add the component class below to the org.wso2.carbon.core project:

package org.wso2.carbon.core.internal;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.crypto.api.CryptoService;

/**
 * @scr.component name="carbon.core.dshcomponent" immediate="true"
 * @scr.reference name="carbonCryptoService" interface="org.wso2.carbon.crypto.api.CryptoService"
 * cardinality="0..1" policy="dynamic"  bind="setCarbonCryptoService" unbind="unsetCarbonCryptoService"
  */
public class CarbonCoreDataHolderHelperComponent {

    private static Log log = LogFactory.getLog(CarbonCoreDataHolderHelperComponent.class);

    private CarbonCoreDataHolder dataHolder = CarbonCoreDataHolder.getInstance();

    protected void activate(ComponentContext ctxt) {

    }

    protected void deactivate(ComponentContext ctxt) {

    }

    protected void setCarbonCryptoService(CryptoService cryptoService){
        if (log.isDebugEnabled()) {
            log.debug("crypto service loaded..");
        }
        dataHolder.setCryptoService(cryptoService);
    }

    protected void unsetCarbonCryptoService(CryptoService cryptoService){
        dataHolder.setCryptoService(null);
        if (log.isDebugEnabled()) {
            log.debug("crypto service unloaded..");
        }
    }

}

This component will bind the crypto service prior to user datasource initialization.



Tags: wso2 wso2dss