Hi, a colleague has already solved this. He generated a certificate on the Eset protect Client Certificates website, directly to the address, which he then exported to PFX and exchanged using an ssh connection to the virtual server.
copy server-tomcat.pfx to /etc/tomcat/server-tomcat.pfx
restorecon /etc/tomcat/server-tomcat.pfx (SELinux)
vi /etc/tomcat/server.xml
...
keystoreFile = "/etc/tomcat/server-tomcat.pfx"
keystorePass = "***"
keystoreType = "PKCS12"
/>
systemctl restart tomcat
ONJC received kudos from Peter Randziak in Where to update Custom CA SSL Certificate on ESET Protect Web Interface