Hi Patrick,
The steps outlined here are what I generally use when walking customers through cert importing:
Configure OneClick for Secure Sockets Layer - CA Spectrum - 10.2 to 10.2.3 - CA Technologies Documentation
There are a couple of items to take note on:
Be sure to use the keytool we ship with Spectrum
You may need to specify a keysize of 2048 when you create the key..so your command would be:
./keytool -genkey -alias tomcatssl -keyalg RSA -keysize 2048 -keystore c:/win32app/Spectrum/custom/keystore/cacerts
Be sure that you generate a unique key on each OC and from that key generate the CSR.
If you have multiple OC, you will need to run the genkey/csr creation on each of them.
Make a copy of your $SPECROOT/custom/keystore/cacerts file. If you mess up, you can start from this copy instead of having to start all over with new keys and csr.
The key that you receive back needs to be imported on the OC box that you submitted the csr for. You cannot use it on another OC machine.
If you don't get a cert that includes root and any intermediate, make sure you import those before importing the final cert.
Cheers
Jay