In case you do not want to use the default self-signed certificate, and want to use your own certificate (e.g. provided by companies like Verisign, Thawte, etc.) you will need to follow their instructions on how to obtain and install their certificate into tomcat. The certificate should be installed into the file .keystore in psa_x.y.z directory with pass phrase celoxis. Since the file is already present you will first have to delete the file. In case you want to change the pass phrase, you will have to update the psa_x.y.z/conf/server.xml and enter the new pass phrase so that the server can correctly read the key store. Restart the application after you are done.
Any changes you make to the keystore or server.xml must be manually copied over after every upgrade.