You have purchased a certificate from a reputable vendor and would like to use said certificate for Enforce UI/tomcat.
1. Create a local certificate.
keytool -genkey -alias tomcat -keyalg RSA -keystore <your_keystore_filename>
2. Generate a new CSR.
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore <your_keystore_filename>
3. Submit the file to the Certificate Authority. They will provide you with a new signed certificate.
4. Download a Chain Certificate from the Certificate Authority you obtained the Certificate from.
5. Import the Chain Certificate into your keystore.
6. And finally import your new Certificate.
Tomcat Apache 7.x and is similar to newer versions.