I was banging my head up against a problem importing a previously signed cert into the keystore for use with James. I finally found an answer and wanted to share a bit of wisdom I picked up from someone else. See this StackOverflow thread:
http://stackoverflow.com/questions/906402/importing-an-existing-x509-certificate-and-private-key-in-java-keystore-to-use-i Essentially, I have a multi-domain cert signed by Digicert that I did not create on my mail server, but that has my mail server's DNS name as one of the SAN listings. I tried and tried to get the cert imported into the keystore so James could use it, and I finally found this thread at StackOverflow about converting an x509 certificate into a PKCS12 keystore with its private key, then converting that into a new JKS keystore. I had to get the cert and key into DER format first, which is easy enough using openssl or other tools (export from Windows Certificates, etc.).