Installation of the Application Server generates a digital certificate in JSSE (Java Secure Socket Extension) format suitable for internal testing. By default, the Application Server stores its certificate information in two files in the domain-dir/config directory:
Keystore file, keystore.jks, contains the Application Server’s certificate, including its private key. The keystore file is protected with a password, initially changeit. Change the password using keytool. For more information about keytool, read Using the keytool Utility.
Each keystore entry has a unique alias. After installation, the Application Server keystore has a single entry with alias s1as.
Truststore file, cacerts.jks, contains the Application Server’s trusted certificates, including public keys for other entities. For a trusted certificate, the server has confirmed that the public key in the certificate belongs to the certificate’s owner. Trusted certificates generally include those of certification authorities (CAs).
In the Platform Edition, on the server side, the Application Server uses the JSSE format, which uses keytool to manage certificates and key stores. In the Enterprise Edition, on the server side, the Application Server uses NSS, which uses certutil to manage the NSS database which stores private keys and certificates. In both editions, the client side (appclient or stand-alone), uses the JSSE format.
By default, the Application Server is configured with a keystore and truststore that will work with the example applications and for development purposes. For production purposes, you may wish to change the certificate alias, add other certificates to the truststore, or change the name and/or location of the keystore and truststore files.
See also To change the location of certificate files.
The keystore and truststore files provided for development are stored in the domain-dir/config directory.
In the Admin Console tree, select the Application Server node.
Select JVM Settings.
Click the JVM Options tab.
On the JVM Options page, add or modify the following values in the Value field to reflect the new location of the certificate files:
-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/path/ks-name -Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/path/ts-name |
where ks-name is the keystore file name and ts-name is the trust store file name.
Click Save.
Restart the Application Server if Restart Required displays in the console.