Miscellaneous Commands for Certificates
Miscellaneous Commands for Certificates
If you want to replace the existing keystore.jks, you must either change your keystore's
password to the default password (changeit) or change the default password to your
keystore's password.
To specify that the Application Server should use the new keystore for authentication and
authorization decisions, you must set the JVM options for the Application Server so that they
recognize the new keystore. To use a different keystore than the one provided for development
purposes, follow these steps.
1. Start the Application Server if you haven't already done so. Information on starting the
Application Server can be found in
2. Start the Admin Console. Information on starting the Admin Console can be found in
3. Select Application Server in the Admin Console tree.
4. Select the JVM Settings tab.
5. Select the JVM Options tab.
6. Change the following JVM options so that they point to the location and name of the new
keystore. There current settings are shown below:
-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks
-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks
7. If you've changed the keystore password from its default value, you need to add the
password option as well:
-Djavax.net.ssl.keyStorePassword=
your-new-password
8. Log out of the Admin Console and restart the Application Server.
Miscellaneous Commands for Certificates
To check the contents of a keystore that contains a certificate with an alias server-alias, use
this command:
keytool -list -keystore keystore.jks -alias server-alias -v
To check the contents of the cacerts file, use this command:
keytool -list -keystore cacerts.jks
Establishing a Secure Connection Using SSL
The Java EE 5 Tutorial · September 2007
792
