Sun GlassFish Enterprise Server v2.1.1 Administration Guide

Passing Additional Passwords for a PKCS#11 Crypto Device

For standard parameters, you can create a password alias in the password file. For example, you can create a password alias for the admin password as follows:


To pass in additional (non-standard) passwords, you need to create an entry in the password file and use the create-password-alias command for that entry.

For a PKCS#11 crypto-device that works with GlassFish, add an entry, as follows, to the GlassFish password file.


Then create a password alias. For example, if you are using the Sun Metaslot device with GlassFish, the asadmin start-domain command would prompt for password as follows:

asadmin start-domain Starting Domain domain1, please wait. 
Default Log location is /opt/glassfish/domains/domain1/logs/server.log. 
Please enter password for NSS slot Sun Metaslot>  

To pass this non-standard password as an additional password, do the following:

  1. Add an entry to the GlassFish password file (specified by the --passwordfile option) as follows:

  2. Create the password alias as follows:

    asadmin> create-password-alias --user admin --passwordfile mypwdfile abc123
  3. Replace the password in the GlassFish password file with the alias password as follows: