Sun Microsystems 820433510 Server User Manual


 
In the Developer Prole, on the server side, the Enterprise Server uses the JSSE format,
which uses keytool to manage certicates and key stores. In the Clusters and Enterprise
Prole, on the server side, the Enterprise Server uses NSS, which uses certutil to manage
the NSS database which stores private keys and certicates. In both proles, the client side
(appclient or stand-alone), uses the JSSE format.
By default, the Enterprise Server is congured with a keystore and truststore that will work
with the example applications and for development purposes. For production purposes, you
may wish to change the certicate alias, add other certicates to the truststore, or change the
name and/or location of the keystore and truststore les.
Changing the Location of Certicate Files
The keystore and truststore les provided for development are stored in the domain-dir/config
directory.
Use the Admin Console to add or modify the value eld for the new location of the certicate
les.
-Dcom.sun.appserv.nss.db=${com.sun.aas.instanceRoot}/NSS-database-directory
where NSS-database-directory is the location of the NSS database.
Using Java Secure Socket Extension (JSSE) Tools
Use keytool to set up and work with JSSE (Java Secure Socket Extension) digital certicates. In
the Developer Prole, the Enterprise Server uses the JSSE format on the server side to manage
certicates and key stores. In all the proles, the client side (appclient or stand-alone) uses the
JSSE format.
The J2SE SDK ships with keytool, which enables the administrator to administer
public/private key pairs and associated certicates. It also enables users to cache the public keys
(in the form of certicates) of their communicating peers.
To run keytool, the shell environment must be congured so that the J2SE /bin directory is in
the path, or the full path to the tool must be present on the command line. For more
information on keytool, see the keytool documentation at
http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html.
Using the keytool Utility
The following examples demonstrate usage related to certicate handling using JSSE tools:
UsingJavaSecure SocketExtension(JSSE)Tools
SunGlassFishEnterpriseServer2.1AdministrationGuide • December2008112