During setup, administrators have the option of using self-signed certificates or CA-signed certificates for the server certificate. Where possible, we encourage the use of CA-signed certificates. Self-signed certificates are recommended only for demonstration and proof-of-concept environments.
If you specify the option --generateSelfSignedCertificate during setup, the server certificate is generated automatically with the alias server-cert. The key pair consists of the private key and the self-signed certificate, and is stored in a file named keystore, which resides in the server's /config directory. The certificates for all the servers that the server trusts are stored in the truststore file, which is also located under the server's /config directory.
To override the server certificate alias and the files that store the key pair and certificates, use the following arguments during setup:
For more information about these arguments, refer to the setup tool’s Help and the Installation Guide.