Configuring Alternate KeyStores for SSL

Payara Micro comes with Keystore files directly embedded within the JAR file.

These can be overridden using the standard Java SSL system properties, like,, and

The key-pair to use as Payara Micro’s ssl certificate can also be specified using the --sslCert command line option. The default key-pair name is s1as if not overriden via the command line switch.

When packaging into an Uber Jar any keystores specified via system properties will be copied into the uberjar to replace the default internal keystores. However the uber jar will not contain the passwords and these must still be specified via the system properties.