In the Developer Prole, on the server side, the Enterprise Server uses the JSSE format,
which uses keytool to manage certicates and key stores. In the Clusters and Enterprise
Prole, on the server side, the Enterprise Server uses NSS, which uses certutil to manage
the NSS database which stores private keys and certicates. In both proles, the client side
(appclient or stand-alone), uses the JSSE format.
By default, the Enterprise Server is congured with a keystore and truststore that will work
with the example applications and for development purposes. For production purposes, you
may wish to change the certicate alias, add other certicates to the truststore, or change the
name and/or location of the keystore and truststore les.
Changing the Location of Certicate Files
The keystore and truststore les provided for development are stored in the domain-dir/config
directory.
Use the Admin Console to add or modify the value eld for the new location of the certicate
les.
-Dcom.sun.appserv.nss.db=${com.sun.aas.instanceRoot}/NSS-database-directory
where NSS-database-directory is the location of the NSS database.
Using Java Secure Socket Extension (JSSE) Tools
Use keytool to set up and work with JSSE (Java Secure Socket Extension) digital certicates. In
the Developer Prole, the Enterprise Server uses the JSSE format on the server side to manage
certicates and key stores. In all the proles, the client side (appclient or stand-alone) uses the
JSSE format.
The J2SE SDK ships with keytool, which enables the administrator to administer
public/private key pairs and associated certicates. It also enables users to cache the public keys
(in the form of certicates) of their communicating peers.
To run keytool, the shell environment must be congured so that the J2SE /bin directory is in
the path, or the full path to the tool must be present on the command line. For more
information on keytool, see the keytool documentation at
http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html.
Using the keytool Utility
The following examples demonstrate usage related to certicate handling using JSSE tools:
UsingJavaSecure SocketExtension(JSSE)Tools
SunGlassFishEnterpriseServer2.1AdministrationGuide • December2008112