The following changes are targetted to extend the Graphical Setup and provide the possibility of configuring SSL and Start TLS.

In the particular case where the user provides a keystore with multiple certificates, the user is prompted to choose one of the certificates.

The committed changes include Neil's wording proposal and fix both the bug he found using PKCS#11 and the layout problem.

When the user chooses to enable SSL or StartTLS, the code does the following:

* In the particular case of the self-signed certificate a random password is generated and a JKS keystore is created under <server_root>/config/keystore.

* In all cases where  the password to access the keystore is stored in clear under <server_root>/config/keystore.pin.

* In all cases a JKS Trust Store containing the server certificate is created under <server_root>/config/truststore.  Please tell whether using a Blind Trust Manager is a better alternative.

Known Issues and Limitations
============================

The code in CertificateManager must be updated to avoid calling keytool with the password in clear.

The setup will not work if the keystore's password and the certificate key password are different.