Thanks for your info Naor. I used it along with some info from the Internet and what I experienced with my server to create this procedure.
1) Get your existing keystore password out of your server.xml file:
Go To C:\Vontu\Protect\tomcat\conf\server.xml
Open with a text editor like Notepad. You will find an entry like this below
with your existing keystore password. Tomcat uses this password to unlock the
keystore whenever it restarts the daemon. In my example here the password
is "MyPassword".
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<Server port="8005" shutdown="SHUTDOWN">
<Service name="Catalina">
<Connector URIEncoding="UTF-8" acceptCount="100" clientAuth="false" debug="0"
disableUploadTimeout="true" enableLookups="false"
keystoreFile="conf/.keystore" keystorePass="MyPassword"
maxSpareThreads="75" maxThreads="150" minSpareThreads="25"
port="443" scheme="https" secure="true" sslProtocol="TLS"/>
<Engine debug="0" defaultHost="localhost" name="Catalina">
<Host appBase="webapps" autoDeploy="false" debug="0" name="localhost"
unpackWARs="false" xmlNamespaceAware="false" xmlValidation="false">
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="C:\Vontu\Protect\logs\tomcat" pattern="%h %l %u %t
&quot;%r&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot;
%{com.vontu.manager.session.label}s %D" prefix="localhost_access_log."
resolveHosts="false" suffix=".txt"/>
</Host>
</Engine>
</Service>
</Server>
2) From the same directory, copy out your .keystore file to a safe location in case
you need to revert back to it. The Tomcat daemon will not start if this file
is missing so you need a backout plan if something goes wrong.
3) Now you will need to use the keytool.exe utility. It should be located
in C:\Vontu\jre\bin and you will probably have to use the full path when
using it.
Generate a new keystore container with this command:
C:\Vontu\jre\bin\keytool -genkey -alias server_name -keyalg RSA -keysize 1024 -keystore .keystore -validity 365 -storepass MyPassword
*Note that the alias is the fully qualified domain name (FQDN) of your server
like servername.mydomain.com and that "MyPassword" is just an example.
4) Now you generate the Certificate Signing Request (CSR) file.
C:\Vontu\jre\bin\keytool -certreq -alias server_name -keyalg RSA -keystore .keystore -storepass MyPassword -file "VontuEnforce.csr"
You will be prompted for several pieces of information. Probably the most
important is the "First and Last name". That's where you would put in the
FQDN of your server. The rest of the info should be accurate too, especially
if you are using a commercial Certificate Authority (CA).
5) Send your CSR file off to a CA and have a PKCS#7 chained certificate generated.
Copy that file you receive into the same directory. It should have a .p7b
extension. In our case we generated the file on our Microsoft Certificate
server in-house. In our example we renamed the file to VontuEnforce.p7b.
6) Import the chained certificate from file. You will need your password again.
C:\Vontu\jre\bin\keytool -import -alias server_name -keystore .keystore -trustcacerts -file VontuEnforce.p7b
Enter keystore password: *******
7) Restart your Vontu Manager service. If all is well you should now have a valid certificate.
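
A check that can be run between steps 6 and 7, added here as an example and not part of the original post: it reads the keystore settings Tomcat will use from server.xml, then inspects the text printed by `keytool -list -v` to confirm the CA reply was attached to the private key entry rather than stored as a separate trusted certificate. The function names and both samples are constructed for illustration, and English-language keytool output is assumed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the HTTPS connector from a server.xml like the one in step 1.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="443" scheme="https" secure="true" sslProtocol="TLS"
               keystoreFile="conf/.keystore" keystorePass="MyPassword"/>
  </Service>
</Server>"""

# Constructed sample of `keytool -list -v` output after a successful step 6.
SAMPLE_KEYTOOL_LIST = """Alias name: servername.mydomain.com
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=servername.mydomain.com
Issuer: CN=Example Issuing CA
Certificate[2]:
Owner: CN=Example Issuing CA
Issuer: CN=Example Issuing CA
"""

def https_keystore_settings(server_xml):
    """Return (keystoreFile, keystorePass) for each Connector with scheme="https"."""
    root = ET.fromstring(server_xml)
    return [(c.get("keystoreFile"), c.get("keystorePass"))
            for c in root.iter("Connector") if c.get("scheme") == "https"]

def check_key_entry(listing, alias):
    """Return a list of problems with the entry for `alias`; empty means it looks right."""
    entries = re.split(r"(?m)^Alias name: ", listing)[1:]
    entry = next((e for e in entries if e.split("\n", 1)[0].strip().lower() == alias.lower()), None)
    if entry is None:
        return ["alias not found in keystore"]
    problems = []
    if not re.search(r"(?m)^Entry type: (PrivateKeyEntry|keyEntry)", entry):
        problems.append("entry is not a private key entry (reply imported under another alias?)")
    chain = re.search(r"(?m)^Certificate chain length: (\d+)", entry)
    if not chain or int(chain.group(1)) < 2:
        problems.append("chain length is below 2, so the CA chain was not attached")
    owner = re.search(r"(?m)^Owner: (.+)$", entry)    # first Owner is the leaf, Certificate[1]
    issuer = re.search(r"(?m)^Issuer: (.+)$", entry)
    if owner and issuer and owner.group(1).strip() == issuer.group(1).strip():
        problems.append("leaf certificate is still self-signed")
    return problems
```

An empty list from `check_key_entry` means the entry Tomcat will load carries the CA-issued chain; any message means the backup from step 2 should stay at hand before restarting.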