The Java EE 5 Tutorial

Using a Different Server Certificate with the Application Server

Follow the steps in Creating a Server Certificate, to create your own server certificate, have it signed by a CA, and import the certificate into keystore.jks.

Make sure that when you create the certificate, you follow these rules:

    To specify that the Application Server should use the new keystore for authentication and authorization decisions, you must set the JVM options for the Application Server so that they recognize the new keystore. To use a different keystore than the one provided for development purposes, follow these steps.

  1. Start the Application Server if you haven’t already done so. Information on starting the Application Server can be found in Starting and Stopping the Application Server.

  2. Start the Admin Console. Information on starting the Admin Console can be found in Starting the Admin Console.

  3. Select Application Server in the Admin Console tree.

  4. Select the JVM Settings tab.

  5. Select the JVM Options tab.

  6. Change the following JVM options so that they point to the location and name of the new keystore. There current settings are shown below:${com.sun.aas.instanceRoot}/config/keystore.jks${com.sun.aas.instanceRoot}/config/cacerts.jks
  7. If you’ve changed the keystore password from its default value, you need to add the password option as well:
  8. Log out of the Admin Console and restart the Application Server.