It is very likely that the admin console is just updating the domain.xml file anyway. In either case, it is good practice to avoid modifying the domain.xml file wherever possible. There is no official advice in the Security Guide for GF4 and the only mention of the certificate nickname is:

无论如何，管理控制台很可能只是在更新 domain.xml 文件。在任何一种情况下，尽可能避免修改 domain.xml 文件是一种很好的做法。GF4 的安全指南中没有官方建议，唯一提到的证书昵称是：

If you enable secure admin on an SSL-enabled GlassFish Server installation, secure admin uses the existing value as the DAS admin alias for secure admin.

如果在启用 SSL 的 GlassFish Server 安装上启用安全管理，则安全管理将使用现有值作为安全管理的 DAS 管理别名。

https://glassfish.java.net/docs/4.0/security-guide.pdf

https://glassfish.java.net/docs/4.0/security-guide.pdf

Changing the nickname isn't actually necessary, from a functional perspective. When you import your key/cert to the keystores you can just use the same name to replace the existing cert, which is perfectly valid.

从功能的角度来看，更改昵称实际上并不是必需的。当您将密钥/证书导入密钥库时，您可以使用相同的名称来替换现有的证书，这是完全有效的。

Edit: To change alias names with the asadmincommand, you can use enable-secure-adminwith either --instancealias myNewAliasor --adminalias myOtherNewAlias(or both).

编辑：要使用asadmin命令更改别名，您可以使用enable-secure-adminwith--instancealias myNewAlias或--adminalias myOtherNewAlias（或两者）。

The default for adminaliasis s1asand the default for instancealiasis glassfish-instance.

默认adminaliasISs1as和默认instancealiasIS glassfish-instance。

http-listener-2is the default http listener (glassfish or payara) with ssl enabled on port 8181, if you have created another change for it in the bellow command.

http-listener-2是默认的 http 侦听器（glassfish 或 payara），在端口 8181 上启用了 ssl，如果您在下面的命令中为它创建了另一个更改。

asadmin set "configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.cert-nickname=yourNickName"