Try the following on the AEWS host
keytool -v -list -storepass changeit -storetype JKS -keystore $AUTOUSER/webserver/conf/.keystore
Try the following on the WCC host
keytool -v -list -storepass changeit -storetype JKS -keystore $CA_WCC_INSTALL_LOCATION/data/config/.keystore
Two things to look for in the outputs.
1 - in the output from AEWS is there only 1 certificate or is it part of a chain?
If it is a single one then run:
keytool -export -alias tomcat -file AEWScert.cer -storepass changeit -storetype JKS -keystore $AUTOUSER/webserver/conf/.keystore
If it is part of a chain you need to export the others as well.
2 - In both the lists (on AEWS and WCC) check if you see multiple "tomcat" names as an alias.
Each entry must be unique within the keystore..
So, you can give the AEWS entry a different alias when you import it into the WCC keystore if needed.
keytool -import -alias tomcat2 -file AEWScert.cer -keystore $CA_WCC_INSTALL_LOCATION/data/config/.keystore
(again if the AEWS has been customized you need to export out the entire chain and use unique aliases when you import them into wcc).