I am posting what I did to import an existing wildcard cert (from rapidssl, if it makes a difference) because I found little info on it. This was done on a Windows 2012R2 box.
So, if you are using a wildcard certificate to secure your ERA server you'll need to create a JKS keystore for tomcat to use. You do not need to create a new keystore with a CSR because the private key already exists.
You will need:
- All of your applicable intermediate certs (.crt files)
- Your wildcard cert (.crt file)
- Your private key (.key file)
Combine your intermediate certs into a ca-bundle