The default location of the PKCS12 Keystore generated during the StrongKey Tellaro KeyAppliance installation is in the following folder. This will be referred to as GLASSFISH_CONFIG.

/usr/local/strongauth/payara6/glassfish/domains/domain1/config

With the newly prepared keystore, the existing one can now be replaced.

• Make a backup of the current PKCS12 keystore.
  

  cp GLASSFISH_CONFIG/keystore.p12 GLASSFISH_CONFIG/backup-keystore.p12
  

• Replace the current PKCS12 keystore with the new one - signedcertificate.p12:
  

  cp signedcertificate.p12 GLASSFISH_CONFIG/keystore.p12
  

• Restart the payara server to make it use the new keystore.
  

  sudo systemctl restart payara

Now connect to the payara server on a browser, making sure to clear the cache by making a hard refresh. If the connection to the server is successful, use the browser to check the certificate that the website is using and ensure that it matches the certificate that was issued by the external CA.