Here are a couple possible solutions I found over the last few days:
Solution A - Use a pkcs12 file
1) Get the certificate (with a .pfx extension) from the network admin.
2) Follow steps to convert the keystore from a .pfx to a pkcs12 file (.p12 extenstion) listed in
http://www.jguru.com/faq/view.jsp?EID=532461 You will use the .p12 file INSTEAD of the keystore.
Solution B - Create the certificate yourself
1) Create the keystore using the keytool command.
2) Follow the steps listed in
http://mark.foster.cc/kb/openssl-keytool.html to convert the keystore file to a .pfx file.
3) Get the .pfx file signed (not sure if this would cost extra money if you've already paid for a certificate)
4) Give the .pfx file to the network admin and have them replace the existing certificate
I could be wrong here...but from what I found there really is no way to import a certificate into the keystore that was not originally a created by the keytool. The reason for this is that the keystore is simply a file that contains a public and private key. When you do an import the only thing that is imported is the public key...NOT the private key. So, unless you are importing a signed version of the exact same public key that corresponds to the private key - the two won't match.
So basically if you are going to import into the keystore, it better be the same certificate that you generated using keytool and that you exported - just stamped with verisign's or thawte's approval.
Hope this helps.
