We were attracted to Globalsign's inexpensive wildcard certificates, fully aware that there would be zero frills.
We are running JSS 9.65 under Ubuntu 14.04 LTS. After creating a new Tomcat keystore, generating the CSR, and being issued the certificate, we were having a difficult time getting the final certificate installed via keytool. The PEM certificate provided to us wouldn't work.
We wound up importing Globalsign's intermediate certificate:
/path/to/keytool -import -alias intermediate -keystore /path/to/Tomcat/keystore.jks -trustcacerts -file /path/to/root.cer
Then converting our Globalsign-provided PKCS7 certficate to PEM:
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
Afterwards, we were able to import the resulting .cer with no problem.
Your mileage may vary, but I hope this may help somebody experiencing similar frustration.