(text below is copied from the GlassFish forum thread
The automatic Web Start availability of enterprise application clients is very
convenient, but only if the client-server communication is encrypted (at least
in our environment). I pieced together what I think needs to happen to encrypt
client/server communication (add ior-security-config to sun-ejb-jar.xml; specify
IIOP/SSL port in target-server in sun-acc.xml, and possibly add a
client-credentials tag in sun-acc.xml; specify VMARGS for certs), however,
significant parts of the process require modifying sun-acc.xml.
I am unsure how to specify values in the (apparently) auto-generated sun-acc.xml
used by ACC apps deployed with Web Start. I initially tried modifying <domain
dir>/config, but to no avail. The sun-acc.xml distributed via Web Start (found
on my Windows machine in <user dir>/Local Settings/Temp) bears no resemblance to
the file I modified on the server.
Is there a way to control the sun-acc.xml for ACC applications deployed with Web
Start? Or is there another/better way of setting up IIOP/SSL communication?