To secure your installation, you must generate new key new key pairs. If you do not generate new key pairs, then the default certificates that the STS inherently trusts are used. To increase security you should generate a new unique certificate for each SSO component.
The most common scenario involves the use of Serena SSO/Common Access Card (CAC) or SSO/PIV Card or SSO/PKI client certificates. Client certificate setups typically uses the X509-base or X509-LDAP SSO authenticators which access a java keystore (JKS) to verify trust of a client certificate . The default setup uses a JKS called SERENACA.JKS.
When prompted for a password, enter "changeit". If you are prompted or override or trust the certificate , enter yes. Restart Serena Common Tomcat and test the process you were working on.
When SBM components are installed across multiple servers, each server must have matching signed certificate trust keys. This allows the servers to communicate with each other. If the certificates don't match, you could see any number of problems.