Configuring Alternate KeyStores for SSL

Payara Micro comes with Keystore files directly embedded within the JAR file.

These can be overridden using the following standard Java SSL system properties:

  • javax.net.ssl.trustStore

  • javax.net.ssl.keyStore

  • javax.net.ssl.trustStorePassword

  • javax.net.ssl.keyStorePassword

When packaging applications into an Uber Jar any keystores specified via system properties will be copied into the uberjar to replace the default internal keystores. However the uber jar will not contain the passwords and these must still be specified via the system properties.

Setting the Key-Pair at Runtime

Since Payara Server 4.1.2.182 and 5.182

The key-pair to use as Payara Micro’s SSL certificate can also be specified using the --sslCert command line option like this:

java -jar payara-micro.jar -sslCert my-custom-alias
The default key-pair name is s1as if not overriden via the command line switch.