Installation of the Application Server generates a digital certificate in JSSE format suitable for internal testing. By default, the Application Server stores its certificate information in two files in the install_dir/domains/
domain_name/config
directory:
keystore.jks
, contains the Application Server’s digital certificate, including its private key. The keystore file is protected with a password, initially changeit
. Change the password using keytool
. For more information about keytool, read
"About the Keytool Utility".
Each keystore entry has a unique alias. After installation, the Application Server keystore has a single entry with alias s1as
.
cacerts.jks
, contains the Application Server’s trusted certificates, including public keys for other entities. For a trusted certificate, the server has confirmed that the public key in the certificate belongs to the certificate’s owner. Trusted certificates generally include those of certification authorities (CAs).
In the Platform Edition, on the server side, the Application Server uses the JSSE format, which uses keytool
to manage certificates and keystores. In the Enterprise Edition, on the server side, the Application Server uses NSS, which uses certutil
to manage the NSS database which stores private keys and certificates. In both editions, on the client side (appclient or stand-alone), use the JSSE format.
By default, the Application Server is configured with a keystore and truststore that will work with the example applications and for development purposes. For production purposes, you may wish to change the certificate alias, add other certificates to the truststore, or change the name and/or location of the keystore and trust-store files.
See also: