Keystore is protected by the masterpassword. But it should be possible to change the masterpassword from the default value changeit. If that is not working file a bug.
On Nov 13, 2012, at 5:20 AM, forums_at_java.net wrote:
> I need to encrypt the db credentials in glassfish. To do this I have used
> create-password-alias and this encrypts the db passwords just fine. My issue
> is that the encryption key for the db password is the glassfish master
> password. Keeping it at the default password is a security hole but if I
> change the master password I run into a problem. I can start glassfish with
> the new master password but my secure port encounters an SSL error. My
> unsecure port is live just fine but none of my secured wsdls work. I found a
> solution which was to add the keystore password to the jvm-options in the
> domain.xml. But as far as I can see, the keystore has to be the same as the
> glassfish master password, if I change it, glassfish won't start. Does anyone
> know if this is true? Can the keystore password be different than the master
> password? If not, is there a way to encrypt the password in the jvm-options?
> The domain.xml needs to be read available to developers. These are the
> jvm-options I had to add: -Djavax.net.ssl.keyStorePassword=[new password]
> -Djavax.net.ssl.trustStorePassword=[new password] I have tried creating an
> alias password for these parameters but this did not work. Looks to me that a
> config service is used to kick off glassfish (with these jvm-options) but
> doesn't know how to use alias passwords. The two options that I can see is
> either encrypting the password in the jvm-options or using a different
> keystore password than the master-password.
>
> --
>
> [Message sent by forum member 'ELFanatic']
>
> View Post: http://forums.java.net/node/892230
>
>