- The certificates you receive will be:
  UTN-USERFirst-Hardware.crt
  Digi-SignCADigi-SSLXp.crt or Digi-SignCADigi-SSLXs.crt
  your_domain.crt
- These must be imported in the correct order:
  UTN-USERFirst-Hardware.crt
  Digi-SignCADigi-SSLXp.crt or Digi-SignCADigi-SSLXs.crt
  your_domain.crt
- Use the keytool command to import the certificates as follows:
  keytool -import -trustcacerts -alias root -file UTN-USERFirst-Hardware.crt -keystore domain.key
  For Digi-SSL Xp™ Certificates
  keytool -import -trustcacerts -alias INTER -file Digi-SignCADigi-SSLXp.crt -keystore domain.key
  For Digi-SSL Xs™ Certificates
  keytool -import -trustcacerts -alias INTER -file Digi-SignCADigi-SSLXs.crt -keystore domain.key
- If you are using an alias then please include the alias command in the string. Example:
  keytool -import -trustcacerts -alias yyy -file your_domain.crt -keystore domain.key
  (where yyy is the alias specified during CSR creation)
  The password is then requested.
  Enter keystore password: (This is the one used during CSR creation)
  The following information will be displayed about the certificate and you will be asked if you want to trust it (the default is no, so type 'y' or 'yes'):
  Owner: CN=UTN-USERFirst-Hardware, O=The USERTRUST Network, C=US
  Issuer: CN=UTN-USERFirst-Hardware, O=The USERTRUST Network, C=US
  Serial number: 44 be 0c 8b 50 00 24 b4 11 d3 36 2a fe 65 0a fd
  Valid from: Fri Jul 9 18:10:42 GMT 1999 until: Fri Jul 9 18:19:22 GMT 2019
  Certificate fingerprints:
  MD5: ...
  SHA1: 04 83 ed 33 99 ac 36 08 05 87 22 ed bc 5e 46 00 e3 be f9 d7
  Trust this certificate? [no]:
- Then an information message will display as follows:
  Certificate was added to keystore
  All the certificates are now loaded and the correct root certificate will be presented.
  You will need to amend your configuration to use the new keystore file you created.
- Update server.xml configuration file:
  1. Open "$JAKARTA_HOME/conf/server.xml" in a text editor.
  2. Find the following section:
  <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
  <Connector port="8443"
             enableLookups="true" disableUploadTimeout="true"
             acceptCount="100" debug="0" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS" keystoreFile="domain.key"
             keystorePass="YOUR_KEYSTORE_PASSWORD" />
After completing these configuration changes, you must restart Tomcat as you normally do, and you should be in business. You should be able to access any web application supported by Tomcat via SSL.
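Before restarting, the import order above can be confirmed from the keystore listing. The script below is an added example, not part of the original instructions: it follows Owner/Issuer links in `keytool -list -v` output from the server certificate up to the self-signed root. The function name `check_chain`, the intermediate and server certificate names, and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original instructions).
# check_chain LEAF_OWNER: reads `keytool -list -v` text on stdin and follows
# Owner -> Issuer links from the server certificate up to a self-signed root.
# Returns 0 if every issuer is present in the keystore, 1 otherwise.
check_chain() {
    awk -v leaf="$1" '
        /^Owner: /  { owner = substr($0, 8) }             # text after "Owner: "
        /^Issuer: / { issuer_of[owner] = substr($0, 9) }  # text after "Issuer: "
        END {
            cur = leaf
            for (depth = 0; depth < 10; depth++) {        # bound guards against loops
                if (!(cur in issuer_of)) { print "MISSING: " cur; exit 1 }
                print "found:   " cur
                if (issuer_of[cur] == cur) { print "chain complete"; exit 0 }
                cur = issuer_of[cur]
            }
            print "chain too long or looping"; exit 1
        }'
}

# Constructed sample of `keytool -list -v` output after all three imports.
# Only the root DN comes from the page; the other names are placeholders.
sample_keystore() { cat <<'EOF'
Alias name: root
Entry type: trustedCertEntry
Owner: CN=UTN-USERFirst-Hardware, O=The USERTRUST Network, C=US
Issuer: CN=UTN-USERFirst-Hardware, O=The USERTRUST Network, C=US
Alias name: inter
Entry type: trustedCertEntry
Owner: CN=Example Intermediate CA, O=Example CA Ltd, C=IE
Issuer: CN=UTN-USERFirst-Hardware, O=The USERTRUST Network, C=US
Alias name: yyy
Entry type: PrivateKeyEntry
Owner: CN=www.example.com, O=Example Ltd, C=IE
Issuer: CN=Example Intermediate CA, O=Example CA Ltd, C=IE
EOF
}

LEAF="CN=www.example.com, O=Example Ltd, C=IE"
sample_keystore | check_chain "$LEAF"
# Against a real keystore:
#   keytool -list -v -keystore domain.key | check_chain "<Owner of your_domain.crt>"
```

If the intermediate import was skipped, the function prints a MISSING line naming the absent issuer and returns non-zero.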



