We are having difficulty importing the Certificate required to setup SSL in OneClick.   We have tried a few formats and it is failing.   When we issue this import  command:

./keytool -import -alias tomcatssl -keystore $SPECROOT/custom/keystore/cacerts -trustcacerts -file certificate.p7b

We receive the following error:

Certificate reply does not contain public key for tomcatssl

We reviewed the cacerts keystore to verify there is a valid entry for alias tomcatssl:

./keytool -list -v -keystore $SPECROOT/custom/keystore/cacerts > cacerts_keystore.OUT

Release : 20.2

Component : Spectrum Core / SpectroSERVER

The order of the certs in the certificate were incorrect.

We needed to have the Certificate Authority (CA) regenerated the p7b certificate file specifying root first, then intermediate, then entity.  They had initially generated it as entity, intermediate, and root which does not work.