There are 2 files you should be interested in (please note domain1 used by me):
- $GLASSFISH_HOME/domains/domain1/config/cacerts.jks - truststore - holding all the public keys
- $GLASSFISH_HOME/domains/domain1/config/keystore.jks - keystore - holding all the private keys
The default alias used for the secured http-listeners is called: s1as.
To examine the contents
To list truststore contents use:
keytool -list -v -storepass changeit -keystore $GLASSFISH_HOME/domains/domain1/config/keystore.jks keytool -list -v -storepass changeit -keystore $GLASSFISH_HOME/domains/domain1/config/cacerts.jksPlease note that you need to adapt path to keystores, depending on domains used as well as password you have configured for glassfish to protect the keystore/truststore.
Default keys are generated during domain creation via asadmin's create-domain command.
Implementation is present in (in my case I refer to version 3.1.1): https://svn.java.net/svn/glassfish~svn/tags/3.1.1/admin/server-mgmt/src/main/java/com/sun/enterprise/admin/servermgmt/KeystoreManager.java