users@glassfish.java.net

glassfish and importing certificates

From: Radim Kolar <hsn_at_sendmail.cz>
Date: Sun, 30 Oct 2011 17:51:37 +0100

I read the documentation about certs at
http://download.oracle.com/docs/cd/E18930_01/html/821-2435/ablqz.html#scrolltoc
and I have the following comments for improving it.

1. After installation, keystore.jks contains 2 private keys:
glassfish-instance and s1as.

glassfish-instance is most likely the key used for securing the admin 4848 port,
because the private key name is not configurable from the GUI, while s1as is
configurable and used for the https listener.

There is no reference to the key glassfish-instance in the documentation.

2. Private keys and certs are most likely to be distributed in PEM
format. You have instructions for generating and signing a key, but
instructions for importing an existing key to be used for a virtual SSL
server and/or the admin 4848 instance are missing.

Because keytool cannot import PEM certificates, you have to provide
instructions on how to convert them to PKCS12 with openssl and then import
them with keytool. Actually, I don't understand why Sun/Oracle didn't add
support for the most used certificate/private key format to keytool.

--
Apache Geronimo has a GUI for generating keys, cert requests, and importing
certificates, but not for importing private keys. You can take a look at
Apache Geronimo for inspiration if you have plans to write a GUI for this.
A GUI is nice to have, but if I can choose between a GUI for importing keys and
replacing EclipseLink with OpenJPA, then I vote for the second. Seriously
guys, EclipseLink must go away; OpenJPA is the industry standard: WebLogic,
Geronimo, and WebSphere are using it, while JBoss is using Hibernate.
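The PEM-to-PKCS12-to-keystore.jks procedure the post asks the documentation to describe, written out as an added example for this page (it is not the author's code and not taken from the GlassFish documentation). keytool has no command for importing a bare PEM private key (it can only import certificates), so the key and its certificate have to travel through a PKCS12 bundle built by openssl. The example assumes the GlassFish default keystore/master password "changeit", the https listener alias s1as mentioned in the post, and the default domain keystore path domains/domain1/config/keystore.jks; the PEM key/cert pair is a throwaway self-signed one generated inline as constructed sample input, standing in for the CA-issued pair you would really have.

```shell
#!/bin/sh
# Added example: import an existing PEM private key + certificate into
# GlassFish's keystore.jks under the https listener alias "s1as".
# Assumptions (not from the original post): default password "changeit",
# alias s1as, and a self-signed sample pair generated below as input.
set -eu

WORK="${WORK:-$(mktemp -d)}"
ALIAS="${ALIAS:-s1as}"
STOREPASS="${STOREPASS:-changeit}"   # GlassFish default master password; change it in production

# Constructed sample input: a throwaway self-signed key/cert pair in PEM.
# In real use you already have server.key and server.crt from your CA.
make_sample_pem() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=glassfish.example.test" \
    -keyout "$WORK/server.key" -out "$WORK/server.crt" 2>/dev/null
}

# Step 1: bundle PEM key + cert (+ optional PEM CA chain) into a PKCS12 file.
# The PKCS12 friendly name (-name) becomes the alias keytool sees.
# Usage: pem_to_pkcs12 KEY CERT OUT [CHAIN]
pem_to_pkcs12() {
  key="$1"; cert="$2"; out="$3"; chain="${4:-}"
  if [ -n "$chain" ]; then
    openssl pkcs12 -export -inkey "$key" -in "$cert" -certfile "$chain" \
      -name "$ALIAS" -passout "pass:$STOREPASS" -out "$out"
  else
    openssl pkcs12 -export -inkey "$key" -in "$cert" \
      -name "$ALIAS" -passout "pass:$STOREPASS" -out "$out"
  fi
}

# Sanity check on the PKCS12 without needing keytool: parse it with the password.
p12_is_valid() {
  openssl pkcs12 -in "$1" -passin "pass:$STOREPASS" -noout 2>/dev/null
}

# Step 2: copy the PKCS12 entry into the JKS keystore under the same alias.
# -noprompt overwrites an existing s1as entry, so back up
# domains/domain1/config/keystore.jks before pointing this at it.
# GlassFish expects the key password to equal the keystore (master) password,
# hence the explicit -destkeypass.
import_into_jks() {
  p12="$1"; jks="$2"
  keytool -importkeystore -noprompt \
    -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass "$STOREPASS" \
    -destkeystore "$jks" -deststoretype JKS -deststorepass "$STOREPASS" \
    -srcalias "$ALIAS" -destalias "$ALIAS" -destkeypass "$STOREPASS"
}

# Check: the alias must now be a PrivateKeyEntry (key + cert chain).
# A trustedCertEntry would mean only the certificate got in, which the
# https listener cannot use.
has_private_key_entry() {
  keytool -list -keystore "$1" -storepass "$STOREPASS" -alias "$ALIAS" 2>/dev/null \
    | grep -q "PrivateKeyEntry"
}

demo() {
  make_sample_pem
  pem_to_pkcs12 "$WORK/server.key" "$WORK/server.crt" "$WORK/server.p12"
  p12_is_valid "$WORK/server.p12"
  import_into_jks "$WORK/server.p12" "$WORK/keystore.jks"
  has_private_key_entry "$WORK/keystore.jks" \
    && echo "imported $ALIAS as a PrivateKeyEntry into $WORK/keystore.jks"
}

# Run with:  sh import-pem.sh run
if [ "${1:-}" = "run" ]; then
  demo
fi
```

After importing into the real domain keystore, restart the domain so the listener picks up the new s1as entry. Two caveats worth knowing: if the server's certificate was issued by an intermediate CA, pass the intermediate PEM as the fourth argument so the chain ends up in the entry (clients will otherwise see an incomplete chain), and an old JDK may refuse a PKCS12 written by OpenSSL 3 with its default AES/PBKDF2 encryption; OpenSSL 3's `-legacy` option for the pkcs12 command produces the older encoding in that case.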