users@glassfish.java.net

Re: certificate alias not found

From: <glassfish_at_javadesktop.org>
Date: Wed, 08 Jul 2009 10:44:33 PDT

Without seeing the Sun instructions, I can't comment about the reference to .keystore. However, I would suggest sticking with using the .jks (Java KeyStore) extension for your keystore, since this is what is used in the Glassfish \domains\domain1\config directory.

I am also not clear which keystore you used to create your keypair and CSR and to import the signed certificate and class/root certificates. If you created a new keystore called "mykeystore.jks" and then did the previous steps in this keystore, you may still have issues with Glassfish. When Glassfish is installed (ant -f setup.xml), it creates the \config directory and its contents. It creates a self-signed keypair called "s1as", which is located in the default keystore.jks in this \config directory. The "s1as" signing key is used in Glassfish, so if you created a new keystore (mykeystore.jks), you should probably also generate a new "s1as" keypair.

While you can edit domain.xml with the name of your keystore, it is just as easy to copy your keystore into the \config directory, rename the existing keystore (e.g. keystore.old), then copy mykeystore.jks and rename it to keystore.jks. Make sure this keystore has s1as in it. Also, import the class/root certificates into cacerts.jks. Restart Glassfish.

You should now be able to go to http://<FQDN>:4848 and change the signing key alias to your signed certificate alias name. Restart Glassfish and you should now have your signed certificate installed on the SSL-enabled port. You can test this by going to https://<FQDN>:8181 and checking the certificate details.

Hope this helps.

Derek
[Message sent by forum member 'djsceats' (djsceats)]

http://forums.java.net/jive/thread.jspa?messageID=354717
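
A pre-flight check for the keystore swap described in the message above, added here as an example (it is not part of the post or of GlassFish): it parses `keytool -list` output and confirms that both `s1as` and the signed-certificate alias are private-key entries before the file is renamed to keystore.jks. The function names, the aliases `mykey` and `mysignedcert`, and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Real use (keytool prompts for the store password):
#   preflight "$(keytool -list -keystore mykeystore.jks)" mysignedcert

# Read `keytool -list` text on stdin; print "alias<TAB>entry type" per entry.
list_entries() {
  awk '/, (PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),? *$/ {
    alias = $0; sub(/, .*/, "", alias)            # text before the first ", "
    type = $0; sub(/,? *$/, "", type); sub(/.*, /, "", type)
    print alias "\t" type
  }'
}

# Succeed only if alias $1 exists with entry type $2 in listing text $3.
# JKS aliases are case-insensitive, so compare in lower case.
has_entry() {
  local want
  want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  printf '%s\n' "$3" | list_entries | awk -F'\t' -v a="$want" -v t="$2" \
    'tolower($1) == a && $2 == t { found = 1 } END { exit !found }'
}

# usage: preflight LISTING_TEXT SIGNED_ALIAS
# Both s1as and the signed alias must hold a private key; report all gaps.
preflight() {
  local rc=0 name
  for name in s1as "$2"; do
    if ! has_entry "$name" PrivateKeyEntry "$1"; then
      echo "MISSING: '$name' is not a PrivateKeyEntry in this keystore" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample: a fresh keystore with no s1as, where the CA reply was
# imported under a new alias and so became a trusted cert, not a key entry.
SAMPLE_LISTING=$(cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

mykey, Jul 8, 2009, PrivateKeyEntry,
Certificate fingerprint (MD5): (constructed sample, fingerprint omitted)
mysignedcert, Jul 8, 2009, trustedCertEntry,
Certificate fingerprint (MD5): (constructed sample, fingerprint omitted)
EOF
)

preflight "$SAMPLE_LISTING" mysignedcert || echo "keystore not ready to swap in" >&2
```
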