Java Reference
In-Depth Information
• If you want to replace the existing
keystore.jks
, you must either change your
keystore's password to the default password (
changeit
) or change the default
password to your keystore's password.
To Specify a Different Server Certificate
To specify that the GlassFish Server should use the new keystore for authentication and
authorization decisions, you must set the JVM options for the GlassFish Server so that
they recognize the new keystore. To use a different keystore from the one provided for
development purposes, follow these steps.
1. Start the GlassFish Server if you haven't already done so. Information on
starting the GlassFish Server can be found in “
Starting and Stopping the
GlassFish Server
”
on page
41
.
2. Open the GlassFish Server Administration Console in a web browser at
ht-
tp://localhost:4848.
3. Expand Configurations, then expand server-config, then click JVM Settings.
4. Select the JVM Options tab.
5. Change the following JVM options so that they point to the location and name
of the new keystore. The current settings are shown below:
-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/key-
store.jks
-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/
cacerts.jks
6. If you've changed the keystore password from its default value, you need to
add the password option as well:
-Djavax.net.ssl.keyStorePassword=
your-new-password
7. Click Save, then restart GlassFish Server.
Authentication Mechanisms
This section discusses the client authentication and mutual authentication mechanisms.
Client Authentication
With
client authentication
, the web server authenticates the client by using the client's
public key certificate. Client authentication is a more secure method of authentication than
