It’s a good practice to change your trust database and key pair file password or PIN periodically. If your Administration Server is SSL enabled, the password is required when starting the server. Changing your password periodically adds an extra level of server protection.
Change this password only from your local machine. For a list of guidelines to follow when changing a password, see Creating Hard-to-Crack Passwords.
To change your trust database/key-pair file password for the Administration Server or a server instance, perform the following steps:
Access either the Administration Server or the Server Manager.
From the Server Manager you must first select the server instance from the drop-down list.
Select the Change Password link.
Select the security token for which you want to change the password from the drop-down list.
By default this is 'internal' for the internal key database. If you have PKCS#11 modules installed, you see all the tokens listed. Click the Change Password link.
Enter the current password.
Enter the new password.
Re-enter the new password.
From the Server Manager, click Apply, and then Restart for changes to take effect.
Make sure your key-pair file is protected. The Administration Server stores key-pair files in the directory server_root/alias. Consider making the files and directory readable only to Sun Java System servers installed on your computer.
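One way to check the protection described above, as an added example rather than code from the product documentation. The function names audit_alias and harden_alias are hypothetical, and the directory argument stands in for your own server_root/alias path.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; pass your own
# server_root/alias path (and, optionally, the server's account name).

# audit_alias DIR [OWNER]
# Lists entries under DIR that grant any permission to group or other,
# and entries not owned by OWNER when OWNER is given.
# Returns 0 if nothing is found, 1 if something is, 2 if DIR is missing.
audit_alias() {
    dir=$1
    owner=${2:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # One -perm test per group/other bit keeps this portable to older find(1).
    # Symbolic links are skipped because their own mode bits are meaningless.
    loose=$(find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    foreign=
    if [ -n "$owner" ]; then
        foreign=$(find "$dir" ! -user "$owner" -print)
    fi

    status=0
    if [ -n "$loose" ]; then
        printf 'accessible to group or other:\n%s\n' "$loose"
        status=1
    fi
    if [ -n "$foreign" ]; then
        printf 'not owned by %s:\n%s\n' "$owner" "$foreign"
        status=1
    fi
    return "$status"
}

# harden_alias DIR
# Restricts DIR and everything below it to the owning account only.
harden_alias() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}
```

Run audit_alias before and after any change, and again after restoring from backup, since restores can reset modes and ownership.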
It is also important to find out if the file is stored on backup tapes or is otherwise available for someone to intercept. If so, you must protect your backups as completely as your server.