Your installation is secured using self-signed certificates. Self-signed certificates, while just as secure as commercial certificates, aren’t automatically trusted. This makes them hard to manage. Commercial certificates are necessary when you need widespread support for your certificate and fortunately, most web browsers and operating systems already support many commercial certificate authorities.
Information you must know:
keystore location - /etc/keystore.bcfks
keystore format - bcfks (Bouncy Castle FIPS)
default password - changeit
key pair alias - servlet-engine
How to replace the self-signed certificate varies depending on whether you are replacing the self-signed certificate with one obtained through a CSR into the default keystore or whether you are replacing it with your own non-default keystore and certificate.