I have couple of suggestions regarding generation of self signed certificate.
One can use following option combination to generate cert. in one go.
keytool -genkey -alias ejb-ssl -keystore localhost.keystore -storepass EJB-SSL_KEYPAIR_PASSWORD -keypass EJB-SSL_KEYPAIR_PASSWORD-dname "CN=localhost,OU=QE,O=redhat.com,L=Brno,C=CZ"
Especially important is part -dname where CN must contain name of server which will use the certificate in its https connector.
My example is for localhost usage. Certificate has to have CN=server_name from this example scheme https://server_name:8443/invoker/JNDIFactory. If not, user will get "javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching" exception.
Can you incorporate this to the section 22.214.171.124, please?