Skip to content

Replace the Certificate with Your Non-default Keystore

You can use a keystore other than the default (sessionserver/etc/keystore.bcfks) to store your CA-signed certificates.

Specify the following properties in sessionserver/conf/


Where the keystore path is set to the non-default keystore file name and the keystore password is set to the obfuscated value generated by the following command from the sessionserver directory:

../java/jre/bin/java -cp ./lib/jetty-util-<version>.jar passwordToObfuscate

For example:



To avoid confusion, delete the default keystore.

To prevent the default keystore from being generated when the server starts up, open /conf/product-core-ctx.xml in a text editor and either remove or comment out the servletEngineKeystoreGenerator section. Restart the session server.