It is a good practice to change your trust database/key-pair file password or PIN periodically. If your Administration Server is SSL-enabled, this password is required when starting the server. Changing your password periodically adds an extra level of server protection.
You should only change this password on your local computer. For a list of guidelines to consider when changing a password, see Creating Hard-to-Crack Passwords.
Access either the Administration Server or the Server Manager and click the Security tab.
Click the Change Key Pair File Password link.
From the Cryptographic Module drop-down list, select the security token on which you want to change the password.
By default, this is Internal for the internal key database. If PKCS #11 modules are installed, all of the security tokens will be listed.
Enter your current password.
Enter your new password.
Enter it again and click OK.
Make sure your key-pair file is protected. The Administration Server stores key-pair files in the directory server_root/alias.
It is also important to know if the file is stored on backup tapes or otherwise available for someone to intercept. If so, you must protect your backups as completely as your server.