Hi,
I want to secure my keystore.jks file by changing the password. I changed the master password and the key password (both using same new password), then added the following JVM option to GlassFish's domain.xml:
<jvm-options>-Djavax.net.ssl.keyStorePassword=MySecretPassword</jvm-options>
GlassFish starts without errors. Those instructions came from here:
http://docs.sun.com/app/docs/doc/820-4285/fxybd?a=view
Next I wanted to create a password alias so that the password is never shown in plain text in config files or anywhere else. I created a password alias using asadmin, then updated the jvm option to look like this:
<jvm-options>-Djavax.net.ssl.keyStorePassword=${ALIAS=SslKeystorePasswordAlias}</jvm-options>
Now when I start GlassFish I get an exception with the nested cause being:
java.lang.IllegalStateException: Keystore was tampered with, or password was incorrect
That makes me think the key alias was not replaced with the real password. Can someone please confirm whether or not I can use password aliases in JVM options, and tell me if there is a better way of securing my keystore?
Thanks,
Ryan
[Message sent by forum member 'rdelaplante' (ryan_at_ijws.com)]
http://forums.java.net/jive/thread.jspa?messageID=364931