I have found that when working with Glassfish, it is best to make only one change at a time, then validate that everything still works. Before changing the default keystore password or the default certificate, you want to verify that SSL is working with the default self-signed certificate "s1as". If all is well, change the certificate nickname to your SSL certificate -- and verify that Glassfish still works correctly.
Once you have SSL using a production certificate working, then you can change the keystore password; however, this must be done through the command line, to change the Glassfish master password. See Kumar's blog for details...
http://weblogs.java.net/blog/kumarjayanti/archive/2007/11/index.html
Three things to bear in mind...
1. When you change the Glassfish master-password, you will need to go into the keystore and change the keypass of your new alias (the production cert).
2. The keystore should also include "s1as" for Glassfish to function correctly.
3. If you need to genkey s1as, make sure that you define "validity" and set it to 730 or greater. The default is 90 days.
Hope this helps.
Derek
[Message sent by forum member 'djsceats' (djsceats)]
http://forums.java.net/jive/thread.jspa?messageID=355818
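
A pre-flight check for points 1 and 2 of the post above, as an added example that is not part of the original post: it reads `keytool -list` output and reports any required alias that is not present as a private-key entry, then prints the `keytool -keypasswd` step. The sample listing is constructed, the alias `prodcert` is hypothetical, and the `PrivateKeyEntry`/`keyEntry` line format is an assumption based on typical JDK keytool output.

```shell
#!/bin/sh
# Added example (not from the post). Sample data below is constructed.

# Print each required alias that is NOT present as a private-key entry.
# stdin: short-form `keytool -list` output; args: required alias names.
missing_key_aliases() {
    listing=$(cat)
    for name in "$@"; do
        # JKS aliases are case-insensitive, so compare in lower case.
        want=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        # Assumed entry line: "s1as, Nov 5, 2009, PrivateKeyEntry,"
        # (older JDKs print "keyEntry" instead).
        printf '%s\n' "$listing" | awk -F', ' -v a="$want" '
            tolower($1) == a && /PrivateKeyEntry|keyEntry/ { found = 1 }
            END { exit !found }' || printf '%s\n' "$name"
    done
}

# Constructed listing: "prodcert" is a hypothetical production alias.
SAMPLE_LISTING='Keystore type: JKS
Your keystore contains 3 entries

prodcert, Nov 6, 2009, PrivateKeyEntry,
Certificate fingerprint (MD5): <placeholder>
s1as, Nov 5, 2009, PrivateKeyEntry,
Certificate fingerprint (MD5): <placeholder>
rootca, Nov 5, 2009, trustedCertEntry,
Certificate fingerprint (MD5): <placeholder>'

# Usage: sh check-keystore.sh <keystore.jks> <production-alias>
if [ "$#" -eq 2 ]; then
    missing=$(keytool -list -keystore "$1" | missing_key_aliases s1as "$2")
    if [ -n "$missing" ]; then
        echo "not present as private-key entries:" $missing >&2
        exit 1
    fi
    echo "s1as and $2 are present. After changing the master password:"
    echo "  keytool -keypasswd -alias $2 -keystore $1"
fi
```

Run it before and after each single change, in line with the one-change-at-a-time approach the post recommends.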