I needed to generate a new certificate for glassfish's admin pages.

Instead of using the normal OpenSSL self-signed certificate it was easier just to use the java keystore keytool

keytool -genkey -keyalg RSA -alias <alias_referred_to_in_glassfish> -keystore glassfish/domains/domain1/config/keystore.jks -storepass changeit

Note the -keyalg RSA - keytool by default uses DSA and firefox 3.0 will not accept this even with an added security exception.