Installation of the Enterprise Server generates a digital certificate in JSSE (Java Secure Socket Extension) or NSS (Network Security Services) format suitable for internal testing. By default, the Enterprise Server stores its certificate information in a certificate database in the domain-dir/config directory:
Keystore file, key3.db, contains the Enterprise Server's certificate, including its private key. The keystore file is protected with a password. Change the password using the asadmin change-master-password command.
Each keystore entry has a unique alias. After installation, the Enterprise Server keystore has a single entry with alias s1as.
Truststore file, cert8.db, contains the Enterprise Server's trusted certificates, including public keys for other entities. For a trusted certificate, the server has confirmed that the public key in the certificate belongs to the certificate's owner. Trusted certificates generally include those of certification authorities (CAs).
In the Developer Profile, on the server side, the Enterprise Server uses the JSSE format, which uses keytool to manage certificates and key stores. In the Clusters and Enterprise Profile, on the server side, the Enterprise Server uses NSS, which uses certutil to manage the NSS database which stores private keys and certificates. In both profiles, the client side (appclient or stand-alone), uses the JSSE format.
By default, the Enterprise Server is configured with a keystore and truststore that will work with the example applications and for development purposes. For production purposes, you may wish to change the certificate alias, add other certificates to the truststore, or change the name and/or location of the keystore and truststore files.
The keystore and truststore files provided for development are stored in the domain-dir/config directory.
Use the Admin Console to add or modify the value field for the new location of the certificate files.
where NSS-database-directory is the location of the NSS database.