|Home > Documentation > User's guide > Administration > Administrative Tasks > Configuring security > Administering certificates|
To administer SSL certificates the Keystore Configuration portlet is available by selecting Keystore on the Console Navigation menu on the left hand side. From this portlet you can either import an existing certificate or create a new certificate request.
The certificates in Geronimo are stored in a keystore located in <geronimo_home>\var\security\keystores\geronimo-default.
If you want to use a different keystore other than the one provided by default you can create one by clicking on New Keystore. You will be prompted with a keystore name and a password, enter those values and click Create Keystore, for this example we entered sample_keystore and password respectively.
The keystore you just created does not yet contain any certificates nor key as depicted in the following figure. Also note the keystore is by default locked, that is the closed lock in the Available column. Once you create the certificate you will need to click on the lock to make that certificate available, you will be prompted with the passwords for the keystore and certificate.
To create a private key click on the keys on the keystore you just created and then click on Create Private Key. Enter valid data in the appropriate field data.
Click on Review Key Data and then on Generate Key. You will see the key you just generated listed in the Keystore Configuration portlet.
You now can use that certificate by configuring an HTTPS connector as described in
http://cwiki.apache.org/GMOxDOC21/adding-new-listeners-for-the-web-containers.html. Remember to make the certificate and keystore available by clicking on the "lock". For this example we have modified the existing TomcatWebSSLConnector, we specified the new keystore and saved the configuration.
For this configuration to take effect you must restart the connector. Click on the stop link corresponding to the network listener you just updated, in this case TomcatWebSSLConnector, and then click on start. Now this connector is using the new keystore and certificate.
If you now point your browser to that particular port you will see the server is using the certificate you created previously. For this example, as we are using the existing SSL connector, we point the browser to: