Created by MCCS
Modified by MCCS, Apr 21, 2010 7:02 PM
Kablink Component
  • Teaming

Looking to use our SSL certs instead of the default ones created during the Teaming install.

Following Novell Knowledgebase TID 7001857 works great until I restart Teaming.

I am not getting any errors at the CLI; however, the Teaming site doesn't work/display.

If I restore the copy of the default .keystore file and restart Teaming, everything works fine.

 

Any suggestions?

Thanks in advance for your time and help.

Regards!

Replies
Jong Kim

Any error messages in the log file - catalina.out - ?

MCCS

Yes. There is a lot in there to wade through; however, I am seeing a few recurring lines...

 

SEVERE: Failed to load keystore type JKS with path conf/.keystore due to Keystore was tampered with, or password was incorrect

Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:786)

 

These two messages repeat frequently in this log. However, I followed the Novell TID to the T, even doing it over multiple times with the same results and messages in this log file.

Any ideas?

Thanks.

Jong Kim

When you created your keystore file, did you make sure to use the default password "changeit" for everything?

MCCS

Yes.

I did it one more time for today.

It seems to be working now with my certs in IE and Chrome, but Firefox still complains about the certificate.

Jong Kim

If you can access it from IE/Chrome, it means that the certificate is fine at least from the server's point of view.

If you have trouble with FF, it sounds to me like your certificate is not a CA certificate but a private one. If so, I guess you will just have to accept the untrusted certificate.

Soroush Madjzoob

I have a similar problem, but I used a different password to generate the CSR and used the same password to import the CRT file to create .keystore!

Is the "changeit" password a required password or does it just have to be the same as what I used?

The only other issue that might be causing this is the last step:

keytool -import -alias tomcat -keystore .keystore -trustcacerts -file TeamServerCert.crt

This is supposed to generate a response of “Certificate reply was installed in keystore”, and in my case it simply said “Certificate was added to keystore”.

 

Jong Kim

"changeit" is not a required password. You can use any password you want, as long as you use the same password consistently. Make sure that you used the same password for both the keystore file and the key itself.

Soroush Madjzoob

Thanks for the input.

I'm using SSL certs from GoDaddy; they give me 4 .CRT files to use with the keytool. Here are their instructions:

Installation Option Two: Installing SSL Certificate and Intermediate Certificates Separately

Installing Root and Intermediate Certificates

Once you have downloaded the certificates to your local machine, please use the following keytool commands to import them:

Root:

"keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file valicert_class2_root.crt"

First intermediate (gd_cross_intermediate.crt):

"keytool -import -alias cross -keystore tomcat.keystore -trustcacerts -file gd_cross_intermediate.crt"

Second intermediate (gd_intermediate.crt):

"keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_intermediate.crt"

Installing SSL Certificate

  1. Use the following command to import the issued certificate into your keystore:
     keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file <name of your certificate>

Here are the instructions in TID 7001857

Step Four: Importing certificates into Teaming

In this section we will import the two certificates acquired from eDirectory into the new keystore created in step one. The two certificates will need to be moved/transported to the Teaming server, preferably into the same directory as the .keystore file created in step one. In this TID the example directory is /home/admin/certs.

  1. Open a terminal prompt window

  2. Change to the certs directory: cd certs

  3. If the certificates created in step three are not on the Teaming server, copy them onto it in the certs directory

  4. Import the self-signed certificate first (if this is a third-party certificate it may be called the Root or chain certificate):
    keytool -import -keyalg RSA -keystore .keystore -trustcacerts -file SelfSignCert.der

  5. When prompted for a password, use “changeit” without the quotes

  6. When prompted to accept the Certificate fingerprints, type yes and press Enter
    If successful a comment of “Certificate was added to keystore” will be displayed

  7. Import the certificate for the Teaming server with the following command:
    keytool -import -alias tomcat -keystore .keystore -trustcacerts -file TeamServerCert.der

  8. When prompted for a password, use “changeit” without the quotes
    If successful a comment of “Certificate reply was installed in keystore” will be displayed

I have tried what I think is the correct order to import the .CRT files into the .keystore, but I never get "Certificate reply was installed in keystore"; I only get "Certificate was added to keystore".

When I restart Teaming, I get: "SEVERE: Failed to load keystore type JKS with path conf/.keystore due to Keystore was tampered with, or password was incorrect" and HTTPS does not load a page; not responding!

What am I doing wrong? GoDaddy also gives me a gd_bundle.crt file which they're telling me can be used in place of the steps for gd_cross_intermediate and gd_intermediate; I'm using that in place of the SelfSignCert.der in the TID, and the file named with my FQDN (FQDN.crt) as the TeamServerCert.der. What's the significance of the -keyalg RSA switch?

Jong Kim

Did you make sure to specify your non-default password in Tomcat's server.xml file? The relevant section looks like the following:

 

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/.keystore"
keystorePass="changeit"
keyAlias="tomcat"
URIEncoding="UTF-8" />

Soroush Madjzoob

So the key Pass and Alias were not even listed; I added them!  Now I'm getting:

SEVERE: Error initializing endpoint

java.io.IOException: Alias name tomcat does not identify a key entry

 

I've regenerated the .keystore and it says added; when I go to add it again, it says key already exists in the .keystore

What now?

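The two errors in this thread ("Keystore was tampered with, or password was incorrect" when Tomcat loads conf/.keystore, and "Alias name tomcat does not identify a key entry") come from the same keytool procedure, so here is an added example written for this page; it is not code from the thread, from Novell TID 7001857 or from Kablink. It is a POSIX shell script with the full sequence (key pair under the alias tomcat, CSR, trust anchors under their own aliases, then the signed certificate imported under the same alias as the key, which is the import keytool answers with "Certificate reply was installed in keystore"), a password check, and a small parser over `keytool -list` output that tells a private-key entry from an alias that only holds a trusted certificate. The hostname teaming.example.com, the throwaway CA standing in for eDirectory/GoDaddy, the file names and the password changeit are assumptions, and the sample listing is constructed to look like the failing keystore described above.

```shell
#!/bin/sh
# Added example (not from the thread, the TID or Kablink). Assumptions:
# hostname teaming.example.com, a throwaway CA, password "changeit" (any
# password works if server.xml's keystorePass and the key password agree).

# Print "alias entryType" for every entry of a `keytool -list` listing on stdin.
list_entries() {
    awk '/PrivateKeyEntry|trustedCertEntry|SecretKeyEntry/ {
        alias = $0; sub(/,.*/, "", alias)
        if (index($0, "PrivateKeyEntry"))       t = "PrivateKeyEntry"
        else if (index($0, "trustedCertEntry")) t = "trustedCertEntry"
        else                                     t = "SecretKeyEntry"
        print alias, t
    }'
}

# Classify one alias from a listing on stdin: "key" (usable as keyAlias),
# "cert-only" (Tomcat's "does not identify a key entry": the certificate was
# imported under an alias that holds no private key) or "missing".
alias_kind() {
    kind=$(list_entries | awk -v a="$1" '$1 == a { print $2 }')
    case "$kind" in
        PrivateKeyEntry) echo key ;;
        "")              echo missing ;;
        *)               echo cert-only ;;
    esac
}

# Exit 0 iff PASS opens KEYSTORE; a refusal here is the "Keystore was
# tampered with, or password was incorrect" line in catalina.out.
check_store_password() {
    keytool -list -keystore "$1" -storepass "$2" >/dev/null 2>&1
}

# The procedure end to end, with a local CA signing the CSR. Needs keytool
# from JDK 7 or later (-gencert). Run as: sh keystore_demo.sh demo
build_demo_keystore() {
    pass=${1:-changeit}
    work=$(mktemp -d) && cd "$work" || return 1
    keytool -genkeypair -alias ca -keyalg RSA -keysize 2048 -dname "CN=Demo CA" \
        -ext bc:c -validity 365 -keystore ca.jks -storepass "$pass" -keypass "$pass"
    keytool -exportcert -alias ca -keystore ca.jks -storepass "$pass" -rfc -file root.crt
    # 1. key pair under the alias that server.xml's keyAlias will name
    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=teaming.example.com, O=Example" -storetype JKS \
        -keystore .keystore -storepass "$pass" -keypass "$pass"
    # 2. CSR from that key pair; the CA signs it (GoDaddy/eDirectory in real life)
    keytool -certreq -alias tomcat -storetype JKS -keystore .keystore \
        -storepass "$pass" -keypass "$pass" -file teaming.csr
    keytool -gencert -alias ca -keystore ca.jks -storepass "$pass" -keypass "$pass" \
        -infile teaming.csr -outfile teaming.crt -rfc -validity 365
    # 3. root (and any intermediates) first, each under its own alias:
    #    these are the imports that say "Certificate was added to keystore"
    keytool -importcert -alias root -storetype JKS -keystore .keystore \
        -storepass "$pass" -noprompt -file root.crt
    # 4. the signed cert under the SAME alias as the key; only this import
    #    reports "Certificate reply was installed in keystore"
    keytool -importcert -alias tomcat -storetype JKS -keystore .keystore \
        -storepass "$pass" -keypass "$pass" -noprompt -file teaming.crt
    check_store_password .keystore "$pass" && echo "store password ok"
    keytool -list -storetype JKS -keystore .keystore -storepass "$pass" | alias_kind tomcat
}

# Constructed `keytool -list` output for the failing keystore in the thread:
# the server certificate went in as a trusted entry, so "tomcat" has no key.
SAMPLE_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

root, Apr 21, 2010, trustedCertEntry,
Certificate fingerprint (SHA1): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
tomcat, Apr 21, 2010, trustedCertEntry,
Certificate fingerprint (SHA1): FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC'

if [ "${1:-}" = demo ]; then
    build_demo_keystore changeit
else
    printf '%s\n' "$SAMPLE_LISTING" | alias_kind tomcat   # cert-only
fi
```

On a live server, pipe `keytool -list -keystore conf/.keystore -storepass <keystorePass>` into alias_kind tomcat. "cert-only" means the server certificate was imported under an alias that holds no private key, which is why Tomcat reports that the alias does not identify a key entry; the fix is to generate the key pair (or import the key) under that alias first and then import the signed certificate against it. If keytool itself rejects the password, that is the same failure Tomcat logs as "Keystore was tampered with, or password was incorrect", and the fix is keystorePass in server.xml (plus the keyPass attribute if the key password differs from the store password), not the certificates. The -keyalg RSA switch is a -genkeypair option and has no bearing on an import.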