How do we import a vendor supplied certificate into Service Desk's Tomcat?

Article ID: 53827

Updated On:

Products

CA IT Asset Manager
CA Software Asset Manager (CA SAM)
ASSET PORTFOLIO MGMT- SERVER
SUPPORT AUTOMATION- SERVER
CA Service Desk Manager - Unified Self Service
CA Service Desk Manager
CA Service Management - Asset Portfolio Management
CA Service Management - Service Desk Manager

Issue/Introduction

This document provides a sample list of steps for importing a VeriSign certificate into Service Desk's Tomcat.



    Environment

    Release:
    Component: ARGIS

    Resolution

    Solution:

    The CA Service Desk Implementation Guide provides steps for importing a "self-signed" certificate into Tomcat.
    However, the steps are not the same for a VeriSign-supplied certificate.

    The following is an example; the details may vary slightly depending on the product/certificate purchased from VeriSign.

    Steps to install Certificate from VeriSign into Tomcat

    1. Follow the steps listed on the VeriSign site depending on the type of purchase made ("Secure Site", "Secure Site Pro", etc...):
      https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR234

      When prompted for the certificate type, be sure to request the Microsoft PKCS7 format.
      The Java "keytool" utility should be able to read this format without issue.
       
    2. Import the certificate received from VeriSign:
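      keytool -import -trustcacerts -file c:\newcert.crt -keystore "c:\.keystore" -alias tomcat
      Note: the Microsoft PKCS7 format should include the VeriSign intermediate certificates.
      The alias must be the one that holds the private key generated for the certificate request, so that keytool attaches the certificate to that key.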

      Open Service Desk\bopcfg\www\CATALINA_BASE\conf\server.xml in a text editor.
      Locate the SSL connector section.
      Uncomment it as appropriate.
      Edit it as shown in the Windows example below, where the ".keystore" file is located under "c:\cert\" (keystoreFile must point to the keystore the certificate was imported into):
      <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
      <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
                 port="8443" minProcessors="5" maxProcessors="75"
                 enableLookups="true"
                 acceptCount="100" debug="0" scheme="https" secure="true"
                 useURIValidationHack="false" disableUploadTimeout="true">
        <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
                 clientAuth="false" protocol="TLS"
                 keystoreFile="C:\cert\.keystore" keystorePass="changeit" />
      </Connector>
    3. Recycle Service Desk Tomcat:
      pdm_tomcat_nxd -c stop
      pdm_tomcat_nxd -c start
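
A post-install check for the steps above, as an added example that is not part of the original article or of the product's tooling: it reads `keytool -list -v` output and the server.xml connector, then reports when the alias is not a PrivateKeyEntry with intermediates, when keystoreFile is not the keystore that was imported into, or when keystorePass is still the default. The function names and the sample listing are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: abridged `keytool -list -v` output for the keystore.
SAMPLE_LISTING = """\
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3
Alias name: newcert
Entry type: trustedCertEntry
"""

# Connector from the article (abridged), wrapped in constructed parent elements.
SAMPLE_SERVER_XML = r"""<Server><Service>
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" scheme="https">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" protocol="TLS"
           keystoreFile="C:\cert\.keystore" keystorePass="changeit" />
</Connector></Service></Server>"""

def parse_keystore_listing(text):
    """Return {alias: {"type": entry type, "chain": chain length}}."""
    entries = {}
    for block in re.split(r"(?m)^Alias name:\s*", text)[1:]:
        alias = (block.splitlines() or [""])[0].strip().lower()
        etype = re.search(r"(?m)^Entry type:\s*(\S+)", block)
        chain = re.search(r"(?m)^Certificate chain length:\s*(\d+)", block)
        entries[alias] = {"type": etype.group(1) if etype else None,
                          "chain": int(chain.group(1)) if chain else 0}
    return entries

def check_install(listing, server_xml, keystore_path, alias="tomcat"):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    entry = parse_keystore_listing(listing).get(alias.lower(), {"type": "missing", "chain": 0})
    if entry["type"] != "PrivateKeyEntry":
        findings.append(f"alias '{alias}' is {entry['type']}, not a PrivateKeyEntry")
    elif entry["chain"] < 2:
        findings.append(f"alias '{alias}' has no intermediate certificates in its chain")
    factories = [f for f in ET.fromstring(server_xml).iter("Factory") if f.get("keystoreFile")]
    if not factories:
        findings.append("no active Factory element with keystoreFile (connector still commented out?)")
    for factory in factories:
        if factory.get("keystoreFile").lower() != keystore_path.lower():
            findings.append(f"keystoreFile {factory.get('keystoreFile')} is not {keystore_path}")
        if factory.get("keystorePass") == "changeit":
            findings.append("keystorePass is still the default 'changeit'")
    return findings

if __name__ == "__main__":
    print(check_install(SAMPLE_LISTING, SAMPLE_SERVER_XML, r"C:\cert\.keystore"))
```

On a real server, pass in the text printed by `keytool -list -v -keystore <path>` and the contents of server.xml instead of the samples.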

    Additional Information

    A more in-depth discussion of applying SSL to a given Tomcat installation is available at the following documentation link:

    https://docops.ca.com/ca-service-management/17-1/en/administering/configure-ca-service-desk-manager/managing-servers/how-to-configure-ssl-authentication

    The information in this article has been included in our product documentation. You can find further details here:

    https://docops.ca.com/ca-service-management/17-1/en/troubleshooting/troubleshooting-ca-service-desk-manager/how-can-we-import-a-vendor-supplied-certificate-into-ca-service-desk-manager-s-tomcat