Last Monday, I had to 'secure' the smcwebserver from Sun (or should I say Oracle?) that is used by ARCo. But I ran into a few issues:
- My lack of knowledge about Java;
- Keytool doesn't allow you to import keys generated by tools like openssl
But... I was able to handle them both, and now I have an smcwebserver (which uses Java keystores) running with a key that was generated by openssl and a certificate signed by our enterprise CA.
Therefore I had to do some Java 'hacking'. After spending some hours on Google searches, I landed on a posting on the website of 'Agent Bob'. He has a Java program that allows you to 'import' keys and certificates that were generated outside keytool.
However, I had to make a minor modification to the Java code to set the password of the new JKS to 'changeit', because that is the password smcwebserver will use to open the keystore. So, you need to make sure that line 87 is:
String keypass = "changeit";
For your convenience you can download the modified version here.
Now, compile the Java class with the command (please note, I'm not a Java specialist, so something else will work as well... but this worked for me):
$ javac ImportKey.java
Having done this, you must make sure your key file and (signed) certificate are in the DER format. If they are not, you can convert them using the following commands:
$ openssl pkcs8 -topk8 \
    -nocrypt \
    -in server.key \
    -out server.key.der \
    -outform der
$ openssl x509 -in server.crt \
    -out server.crt.der \
    -outform der
We can import the keys with the Java-program:
$ java ImportKey server.key.der server.crt.der webconsole
And last, but not least, put the keystore in place (and of course we make sure we've a backup of the old one):
# cp /var/opt/webconsole/domains/console/conf/keystore.jks{,.backup}
# cp $HOME/keystore.ImportKey /var/opt/webconsole/domains/console/conf/keystore.jks
Now we have to restart the smcwebserver:
# smcwebserver stop
# smcwebserver start
That's all
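
The following checks are an added example, not part of the original post or of Agent Bob's program: they confirm that both inputs are DER and that the private key belongs to the certificate before ImportKey runs, and list the keystore entry afterwards. The function names are made up for illustration, and treating `webconsole` as the keystore alias is an assumption.

```shell
# Added example, not from the original post: sanity checks around the ImportKey step.
# File names and 'webconsole' follow the commands in the post; using
# 'webconsole' as the keystore alias is an assumption.

# is_der FILE: succeed if FILE starts with 0x30, the ASN.1 SEQUENCE tag that
# begins DER keys and certificates (PEM files start with "-----BEGIN").
is_der() {
    [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = "30" ]
}

# key_matches_cert KEY.der CERT.der: succeed only if the public key derived
# from the PKCS#8 private key equals the public key inside the certificate.
# Runs in a subshell so its variables do not leak into the caller.
key_matches_cert() (
    from_key=$(openssl pkey -inform DER -in "$1" -pubout 2>/dev/null) || exit 2
    from_cert=$(openssl x509 -inform DER -in "$2" -noout -pubkey 2>/dev/null) || exit 3
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
)

# preflight KEY.der CERT.der: run both checks, then restrict the key file,
# because 'pkcs8 -nocrypt' leaves the private key unencrypted on disk.
preflight() {
    is_der "$1" || { echo "$1 is not DER" >&2; return 1; }
    is_der "$2" || { echo "$2 is not DER" >&2; return 1; }
    key_matches_cert "$1" "$2" || { echo "key and certificate do not match" >&2; return 1; }
    chmod 600 "$1"
}

# show_entry KEYSTORE: list the imported entry once ImportKey has run.
# 'changeit' is the keystore password set in the modified ImportKey.java.
show_entry() {
    keytool -list -v -keystore "$1" -storepass changeit -alias webconsole
}

# Typical use:
#   preflight server.key.der server.crt.der && \
#       java ImportKey server.key.der server.crt.der webconsole
#   show_entry "$HOME/keystore.ImportKey"
```

Once the keystore is in place and working, remove `server.key.der` or move it somewhere with restricted access, since it holds the private key in clear.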