Copy the keystore as keystore.jks in domain's config folder. If you have created certs in it, change the nick-name "s1as" in domain.xml to point to that. (IOW, replace "s1as" in domain.xml with what you have in your keystore).
One way to do it is to use the standard JSSE system properties javax.net.ssl.keyStorePassword and trustStorePassword in domain.xml as plain old -D's.
If you are worried about the plain-text passwords in domain.xml, you can put it in a file as a property AS_ADMIN_MASTERPASSWORD and pass that file to asadmin start-domain command.
If you are using GlassFish v3, you will get prompted for this password when you start. This is by far the safest.
In GF, master password is same as the keystore password.
[Message sent by forum member 'km']
http://forums.java.net/jive/thread.jspa?messageID=474392