In case you have a certificate and private key provided by a Certificate Authority, you would need to include both the server and the intermediate certificate, as well as the private key provided by CA to the keystore.
Steps to follow
Merge both the Certificates
Copy the contents of Server certificate to the .pem file
Copy the contents of the intermediate certificate to the .pem file
Export this file as a pfx using Openssl:
openssl.exe pkcs12 -in chain.pem -inkey PRIVATEKEY.key -export -out certs.pfx -name myAlias
Once the Certificates and private key are imported, you need to point the keystore to this pfx file, and provide alias in the server.xml
<Connector port="8443" protocol="HTTP/1.1" sslEnabledProtocols="TLSv1.2"
connectionTimeout="20000" maxThreads="200" SSLEnabled="true" secure="true"
maxHttpHeaderSize="16384" keystoreFile="/u01/flexdeploy/flexdeploy.pfx"
keystorePass="changeit" keyAlias="myAlias" clientAuth="false" compression="on" compressionMinSize="1024"/>
Restart FlexDeploy once changes are made in server.xml