Where are the iManager specific secure LDAP certificates stored that Tomcat uses?

  • 7006113
  • 25-May-2010
  • 26-Apr-2012

Environment

Novell iManager 2.5
Secure LDAP

Situation

iManager secure LDAP connections no longer work
Organizational CA was deleted and recreated
LDAP certificates were regenerated for the LDAP Server object
Where are the iManager specific secure LDAP certificates stored that Tomcat uses?

Resolution

iManager can create secure LDAP connections behind the scenes without any user intervention. If the LDAP server's SSL certificate is updated on the backend for whatever reason (for example, a new Organizational CA), iManager should retrieve the new certificate over the authenticated connection and import it into its own keystore database.

If for some reason this does not happen correctly, you can delete the iManager keystore database and force iManager to recreate it.

The file is %TOMCAT_HOME%\webapps\nps\WEB-INF\iMKS. Shut down Tomcat, delete this file and restart Tomcat. Then launch iManager in a browser and log back into the tree to automatically import the new certificate into iManager's keystore database.

Alternatively, you may manually import the required certificate into Tomcat's JVM default keystore using the "keytool" certificate management utility available in the JDK. When creating secure SSL connections, iManager first tries the JVM's default keystore, then uses the iManager specific keystore database. For syntax examples for the keytool Java utility, please see TID 7006144.
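The keystore reset and the keytool alternative described above, as a small shell helper added here (not part of the TID). It assumes a Linux/UNIX Tomcat directory layout, a JDK keytool on the PATH and the JDK's well-known default cacerts password, none of which the TID states; the function and file names are the example's own.

```shell
#!/bin/sh
# Added example, not from the TID: reset iManager's own keystore (iMKS) with a
# backup, or import the LDAP server's CA certificate into the JVM default
# keystore that iManager consults first. Assumes a Linux/UNIX Tomcat layout;
# on Windows the same file lives at %TOMCAT_HOME%\webapps\nps\WEB-INF\iMKS.

# Move the iMKS file aside (timestamped copy) instead of deleting it outright,
# so the previous trust store can be restored if the re-import misbehaves.
# Usage: reset_imks /path/to/tomcat   -> prints the backup path
reset_imks() {
    imks="$1/webapps/nps/WEB-INF/iMKS"
    [ -f "$imks" ] || { echo "iMKS not found at $imks" >&2; return 1; }
    backup="$imks.$(date +%Y%m%d%H%M%S).bak"
    mv "$imks" "$backup" || return 1
    echo "$backup"
}

# Import a DER or PEM certificate into a JVM keystore with keytool and confirm
# the alias is really present afterwards. Defaults to the JDK's cacerts file and
# its default password "changeit" (assumed); pass both explicitly for a real
# install (older JDKs keep cacerts under jre/lib/security).
# Usage: import_ca_cert alias cert-file [keystore] [storepass]
import_ca_cert() {
    alias="$1"; cert="$2"
    keystore="${3:-$JAVA_HOME/lib/security/cacerts}"
    storepass="${4:-changeit}"
    [ -f "$cert" ] || { echo "certificate $cert not found" >&2; return 1; }
    keytool -importcert -trustcacerts -noprompt -alias "$alias" -file "$cert" \
        -keystore "$keystore" -storepass "$storepass" >/dev/null || return 1
    # keytool -list exits non-zero when the alias is absent, so this is the check.
    keytool -list -alias "$alias" -keystore "$keystore" -storepass "$storepass" >/dev/null
}

# Typical sequence after the Organizational CA was recreated (Tomcat scripts
# assumed under $TOMCAT_HOME/bin; adapt to your service manager):
#   "$TOMCAT_HOME/bin/shutdown.sh"
#   reset_imks "$TOMCAT_HOME"
#   "$TOMCAT_HOME/bin/startup.sh"
#   then log into the tree from iManager so the new LDAP certificate is imported.
```

After the re-import, compare the certificate iManager now trusts against the LDAP server's current certificate rather than assuming the first connection picked up the right one.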

To replace the certificate used for HTTPS traffic between the browser client and iManager, please refer to Replacing the default certificates in iManager 2.6 (non-Apache install).

Additional Information

Formerly known as TID# 10098346
Formerly known as TID# NOVL102831