If you have only CSR file and lost certificate, signed by CA (Thawte etc.), you may send this CSR another time to CA for signing.
Implying, you have key and certificate, signed by CA, in PEM format.
Convert cert and key into PKCS#12 container:
openssl pkcs12 -export -in newcert.pem -inkey newkey.pem -out server.p12 -name test_server -caname root_ca -chain -CAfile cacert.pem
caname
, chain
and CAfile
are optional args, they add CA chain to container.
Tomcat supports PKCS#12 certificates, but if you want JKS, it may be done from PKCS#12 by keytool (starting from Java 6):
keytool -importkeystore -deststorepass mypass -destkeypass mypass -destkeystore keystore.jks -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass p12pass -srcalias test_server -destalias test_server