To generate a new keystore from the existing certificates I used the following commands:
Create a pkcs12 keystore from the certificate using openssl:
openssl pkcs12 -export -in star_domain_com.crt -inkey star_domain_com.key -certfile DigiCertCA.crt -out keystore.p12Convert the pkcs12 keystore into a jks keystore:
keytool -importkeystore -srckeystore keystore.p12 -destkeystore keystore -srcstoretype pkcs12You can use the following command to check your keystore contents:
keytool -list -keystore keystoreUsually your certificate will be stored under the alias 1, you might want to change that to tomcat, use the command:
keytool -changealias -alias 1 -destalias tomcat -keystore keystore