To administer SSL certificates the Keystore Configuration portlet in available by selecting Keystore on the Console Navigation menu on the left hand side. From this portlet you can either import an existing certificate or create a new certificate request.

The certificates in Geronimo are stored in a keystore located in <geronimo_home>\var\security\keystores\geronimo-default.

If you want to use a different keystore other than the one provided by default you can create one by clicking on New Keystore. You will be prompted with a keystore name and a password, enter those values and click Create Keystore, for this example we entered sample_keystore and password respectively.

The keystore you just created does not yet contain any certificates nor key as depicted in the following figure.

To create a private key click on the keys on the keystore you just created and then click on Create Private Key. Enter valid data in the appropriate field data.

Click on Review Key Data and then on Generate Key. You should now see the key you just generated listed in the Keystore Configuration portlet.

You now can use that certificate by configuring an HTTPS connector as described in Add new HTTPS listener. For this example we have modified the existing TomcatWebSSLConnector, we specified the new keystore and password and saved the configuration.

If you now point your browser to that particular port you should see the server is using the certificate you created previously. For this example, as we are using the existing SSL connector, we point the browser to:

http://localhost:8443