diff --git a/CASA-auth-token/server-java/Svc/linux/CasaAuthtokenSvcD b/CASA-auth-token/server-java/Svc/linux/CasaAuthtokenSvcD
index 0cbd36f9..f071a555 100644
--- a/CASA-auth-token/server-java/Svc/linux/CasaAuthtokenSvcD
+++ b/CASA-auth-token/server-java/Svc/linux/CasaAuthtokenSvcD
@@ -100,10 +100,20 @@ StartDAEMON()
       # file for the JVM version that we are using.
       if [ -z "${TEST_IBM_JVM}" ]; then
         # Assume Sun JVM
-        ln -s /srv/www/casaats/conf/server-sun.xml /srv/www/casaats/conf/server.xml
+        # Use PKCS12 version if PKCS12 store exists
+        if [ -f /etc/ssl/servercerts/keystore.p12 ]; then
+          ln -s /srv/www/casaats/conf/server-pkcs12-sun.xml /srv/www/casaats/conf/server.xml
+        else
+          ln -s /srv/www/casaats/conf/server-sun.xml /srv/www/casaats/conf/server.xml
+        fi
       else
         # IBM JVM
-        ln -s /srv/www/casaats/conf/server-ibm.xml /srv/www/casaats/conf/server.xml
+        # Use PKCS12 version if PKCS12 store exists
+        if [ -f /etc/ssl/servercerts/keystore.p12 ]; then
+          ln -s /srv/www/casaats/conf/server-pkcs12-ibm.xml /srv/www/casaats/conf/server.xml
+        else
+          ln -s /srv/www/casaats/conf/server-ibm.xml /srv/www/casaats/conf/server.xml
+        fi
       fi
 
       # Make sure that our service has rights to the file
diff --git a/CASA-auth-token/server-java/Svc/linux/Makefile.am b/CASA-auth-token/server-java/Svc/linux/Makefile.am
index 789217cc..15b4ebf2 100644
--- a/CASA-auth-token/server-java/Svc/linux/Makefile.am
+++ b/CASA-auth-token/server-java/Svc/linux/Makefile.am
@@ -31,6 +31,7 @@ EXTRA_DIST = CasaAuthtokenSvcD \
 		envvars.zen \
 		server_keystore_setup.sh \
 		refresh_trusted_ats_keystore.sh \
+		refresh_server_keystore.sh \
 		casa_crypto.properties \
 		CasaBasicATSSetup.sh \
 		CasaAuthPolicyEditor.sh \
diff --git a/CASA-auth-token/server-java/Svc/linux/refresh_server_keystore.sh b/CASA-auth-token/server-java/Svc/linux/refresh_server_keystore.sh
new file mode 100755
index 00000000..6a95928d
--- /dev/null
+++ b/CASA-auth-token/server-java/Svc/linux/refresh_server_keystore.sh
@@ -0,0 +1,68 @@
+#!/bin/sh
+########################################################################
+# 
+#   Copyright (C) 2006 Novell, Inc. All Rights Reserved.
+# 
+#   This library is free software; you can redistribute it and/or
+#   modify it under the terms of the GNU Lesser General Public
+#   License as published by the Free Software Foundation; version 2.1
+#   of the License.
+# 
+#   This library is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#   Library Lesser General Public License for more details.
+# 
+#   You should have received a copy of the GNU Lesser General Public
+#   License along with this library; if not, Novell, Inc.
+#  
+#   To contact Novell about this file by physical or electronic mail, 
+#   you may find current contact information at www.novell.com.
+#  
+#   Author: Juan Carlos Luciani <jluciani@novell.com>
+#   
+########################################################################
+
+########################################################################
+#
+# CASA ATS Keystore Refresh Script.
+#
+# An ATS signs tokens and communicates with clients over
+# SSL. This scrip tries to update the ATS configuration to leverage
+# the server certificate and key if installed for SSL communications.
+#
+########################################################################
+
+# Source our environment variables file
+. /etc/CASA/authtoken/svc/envvars
+
+PKCS12_KEYSTORE_PATH=/etc/ssl/servercerts/keystore.p12
+SERVER_CERT_PATH=/etc/ssl/servercerts/servercert.pem
+SERVER_KEY_PATH=/etc/ssl/servercerts/serverkey.pem
+SERVER_XML_PATH=/srv/www/casaats/conf/server.xml
+
+
+# Try to leverage server certificate and key 
+if [ -f /etc/ssl/servercerts/serverkey.pem ]; then
+   # Check if we must create PKCS12 keystore
+   if [ ! -f $PKCS12_KEYSTORE_PATH ]; then
+      # Create PKCS12 keystore
+      openssl pkcs12 -export -in $SERVER_CERT_PATH -inkey $SERVER_KEY_PATH -name tomcat -out PKCS12_KEYSTORE_PATH -password pass:password
+
+      # Make sure that the PKCS12 keystore is only accessible by the service
+      chown casaatsd:casaauth $PKCS12_KEYSTORE_PATH
+      chmod 600 $PKCS12_KEYSTORE_PATH
+   fi
+
+   // Make sure that the ATS is configured to leverage the server certificate and key
+   TEST_IBM_JVM=$($JAVA_HOME/bin/java -version 2>&1 | grep -i ibm)
+   rm -f $SERVER_XML_PATH
+   if [ -z "${TEST_IBM_JVM}" ]; then
+      # Assume Sun JVM
+      ln -s /srv/www/casaats/conf/server-pkcs12-sun.xml $SERVER_XML_PATH
+   else
+     # IBM JVM
+     ln -s /srv/www/casaats/conf/server-pkcs12-ibm.xml $SERVER_XML_PATH
+   fi
+fi
+
diff --git a/CASA-auth-token/server-java/Svc/linux/server_keystore_setup.sh b/CASA-auth-token/server-java/Svc/linux/server_keystore_setup.sh
index 25e2929b..d30704ca 100755
--- a/CASA-auth-token/server-java/Svc/linux/server_keystore_setup.sh
+++ b/CASA-auth-token/server-java/Svc/linux/server_keystore_setup.sh
@@ -50,11 +50,12 @@ LOCAL_ATS_SIGNING_CERT_PATH=/etc/CASA/authtoken/keys/localSigningCert
 
 # Perform the operation requested
 
-# Do not do anything if the server keystore has already been created
+# Proceed based on whether or not the server keystore has been created
 if [ -f $KEYSTORE_PATH ]; then
    echo "The server keystore is already setup"
-        # Make sure that the keystore file is owned by our service
-        chown casaatsd:casaauth $KEYSTORE_PATH
+
+   # Make sure that the keystore file is owned by our service
+   chown casaatsd:casaauth $KEYSTORE_PATH
 else
    echo "Setting up the server's keystore"
 
@@ -82,3 +83,5 @@ else
    chmod 600 $KEYSTORE_PATH
 fi
 
+
+
diff --git a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/Makefile.am b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/Makefile.am
index afa730d1..9641cf70 100644
--- a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/Makefile.am
+++ b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/Makefile.am
@@ -27,7 +27,9 @@ DIST_SUBDIRS = zen
 CFILES =
 
 EXTRA_DIST = server-ibm.xml \
-		server-sun.xml
+		server-sun.xml \
+		server-pkcs12-ibm.xml \
+		server-pkcs12-sun.xml
 
 .PHONY: package package-clean package-install package-uninstall
 package package-clean package-install package-uninstall:
diff --git a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml
new file mode 100644
index 00000000..5f01bc94
--- /dev/null
+++ b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml
@@ -0,0 +1,169 @@
+<!-- CASA ATS Server Configuration File -->
+
+<!-- A "Server" is a singleton element that represents the entire JVM,
+     which may contain one or more "Service" instances.  The Server
+     listens for a shutdown command on the indicated port.
+
+     Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+<Server port="8585" shutdown="SHUTDOWN" debug="0">
+
+
+  <!-- Global JNDI resources -->
+  <GlobalNamingResources>
+
+    <!-- Test entry for demonstration purposes -->
+    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
+
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+       description="User database that can be updated and saved">
+    </Resource>
+    <ResourceParams name="UserDatabase">
+      <parameter>
+        <name>factory</name>
+        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
+      </parameter>
+      <parameter>
+        <name>pathname</name>
+        <value>conf/tomcat-users.xml</value>
+      </parameter>
+    </ResourceParams>
+
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" (and therefore the web applications visible
+       within that Container).  Normally, that Container is an "Engine",
+       but this is not required.
+
+       Note:  A "Service" is not itself a "Container", so you may not
+       define subcomponents such as "Valves" or "Loggers" at this level.
+   -->
+
+  <!-- Define the Tomcat Stand-Alone Service -->
+  <Service name="Catalina">
+
+    <!-- A "Connector" represents an endpoint by which requests are received
+         and responses are returned.  Each Connector passes requests on to the
+         associated "Container" (normally an Engine) for processing.
+
+         By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+         You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+         following the instructions below and uncommenting the second Connector
+         entry.  SSL support requires the following steps (see the SSL Config
+         HOWTO in the Tomcat 5 documentation bundle for more detailed
+         instructions):
+         * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
+           later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
+         * Execute:
+             %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+             $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
+           with a password value of "changeit" for both the certificate and
+           the keystore itself.
+
+         By default, DNS lookups are enabled when a web application calls
+         request.getRemoteHost().  This can have an adverse impact on
+         performance, so you can disable it by setting the
+         "enableLookups" attribute to "false".  When DNS lookups are disabled,
+         request.getRemoteHost() will return the String version of the
+         IP address of the remote client.
+    -->
+
+    <!-- Note : To disable connection timeouts, set connectionTimeout value
+     to 0 -->
+	
+    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
+    <Connector port="2645" 
+               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+               enableLookups="false" disableUploadTimeout="true"
+               maxPostSize="16384" connectionTimeout="10000"
+               acceptCount="100" debug="0" scheme="https" secure="true"
+               clientAuth="false" sslProtocol="TLS"
+               keystoreFile="/etc/ssl/servercerts/keystore.p12"
+               keystorePass="password" keystoreType="pkcs12" algorithm="IbmX509" />
+
+    <!-- An Engine represents the entry point (within Catalina) that processes
+         every request.  The Engine implementation for Tomcat stand alone
+         analyzes the HTTP headers included with the request, and passes them
+         on to the appropriate Host (virtual host). -->
+
+    <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
+    <Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">         
+    --> 
+         
+    <!-- Define the top level container in our container hierarchy -->
+    <Engine name="Catalina" defaultHost="localhost" debug="0">
+
+      <!-- The request dumper valve dumps useful debugging information about
+           the request headers and cookies that were received, and the response
+           headers and cookies that were sent, for all requests received by
+           this instance of Tomcat.  If you care only about requests to a
+           particular virtual host, or a particular application, nest this
+           element inside the corresponding <Host> or <Context> entry instead.
+
+           For a similar mechanism that is portable to all Servlet 2.4
+           containers, check out the "RequestDumperFilter" Filter in the
+           example application (the source for this filter may be found in
+           "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+           Request dumping is disabled by default.  Uncomment the following
+           element to enable it. -->
+      <!--
+      <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+      -->
+
+      <!-- Global logger unless overridden at lower levels -->
+      <Logger className="org.apache.catalina.logger.FileLogger"
+              prefix="catalina_log" suffix=".txt"
+              timestamp="false"/>
+
+      <!-- Because this Realm is here, an instance will be shared globally -->
+
+      <!-- This Realm uses the UserDatabase configured in the global JNDI
+           resources under the key "UserDatabase".  Any edits
+           that are performed against this UserDatabase are immediately
+           available for use by the Realm.  -->
+      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+                 debug="0" resourceName="UserDatabase"/>
+
+      <!-- Define the default virtual host
+           Note: XML Schema validation will not work with Xerces 2.2.
+       -->
+      <Host name="localhost" debug="0" appBase="webapps"
+       unpackWARs="true" autoDeploy="true"
+       xmlValidation="false" xmlNamespaceAware="false">
+
+        <!-- Access log processes all requests for this virtual host.  By
+             default, log files are created in the "logs" directory relative to
+             $CATALINA_HOME.  If you wish, you can specify a different
+             directory with the "directory" attribute.  Specify either a relative
+             (to $CATALINA_HOME) or absolute path to the desired directory.
+        -->
+        <!--
+        <Valve className="org.apache.catalina.valves.AccessLogValve"
+                 directory="logs"  prefix="localhost_access_log." suffix=".txt"
+                 pattern="common" resolveHosts="false"/>
+        -->
+
+        <!-- Logger shared by all Contexts related to this virtual host.  By
+             default (when using FileLogger), log files are created in the "logs"
+             directory relative to $CATALINA_HOME.  If you wish, you can specify
+             a different directory with the "directory" attribute.  Specify either a
+             relative (to $CATALINA_HOME) or absolute path to the desired
+             directory.-->
+        <Logger className="org.apache.catalina.logger.FileLogger"
+                 directory="logs"  prefix="localhost_log" suffix=".txt"
+            timestamp="false"/>
+
+      </Host>
+
+    </Engine>
+
+  </Service>
+
+</Server>
diff --git a/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-sun.xml b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-sun.xml
new file mode 100644
index 00000000..f8d8699a
--- /dev/null
+++ b/CASA-auth-token/server-java/Svc/tomcat5/conf/linux/server-pkcs12-sun.xml
@@ -0,0 +1,169 @@
+<!-- CASA ATS Server Configuration File -->
+
+<!-- A "Server" is a singleton element that represents the entire JVM,
+     which may contain one or more "Service" instances.  The Server
+     listens for a shutdown command on the indicated port.
+
+     Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+<Server port="8585" shutdown="SHUTDOWN" debug="0">
+
+
+  <!-- Global JNDI resources -->
+  <GlobalNamingResources>
+
+    <!-- Test entry for demonstration purposes -->
+    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
+
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+       description="User database that can be updated and saved">
+    </Resource>
+    <ResourceParams name="UserDatabase">
+      <parameter>
+        <name>factory</name>
+        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
+      </parameter>
+      <parameter>
+        <name>pathname</name>
+        <value>conf/tomcat-users.xml</value>
+      </parameter>
+    </ResourceParams>
+
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" (and therefore the web applications visible
+       within that Container).  Normally, that Container is an "Engine",
+       but this is not required.
+
+       Note:  A "Service" is not itself a "Container", so you may not
+       define subcomponents such as "Valves" or "Loggers" at this level.
+   -->
+
+  <!-- Define the Tomcat Stand-Alone Service -->
+  <Service name="Catalina">
+
+    <!-- A "Connector" represents an endpoint by which requests are received
+         and responses are returned.  Each Connector passes requests on to the
+         associated "Container" (normally an Engine) for processing.
+
+         By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+         You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+         following the instructions below and uncommenting the second Connector
+         entry.  SSL support requires the following steps (see the SSL Config
+         HOWTO in the Tomcat 5 documentation bundle for more detailed
+         instructions):
+         * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
+           later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
+         * Execute:
+             %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+             $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
+           with a password value of "changeit" for both the certificate and
+           the keystore itself.
+
+         By default, DNS lookups are enabled when a web application calls
+         request.getRemoteHost().  This can have an adverse impact on
+         performance, so you can disable it by setting the
+         "enableLookups" attribute to "false".  When DNS lookups are disabled,
+         request.getRemoteHost() will return the String version of the
+         IP address of the remote client.
+    -->
+
+    <!-- Note : To disable connection timeouts, set connectionTimeout value
+     to 0 -->
+	
+    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 2645 -->
+    <Connector port="2645" 
+               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+               enableLookups="false" disableUploadTimeout="true"
+               maxPostSize="16384" connectionTimeout="10000"
+               acceptCount="100" debug="0" scheme="https" secure="true"
+               clientAuth="false" sslProtocol="TLS"
+               keystoreFile="/etc/ssl/servercerts/keystore.p12"
+               keystorePass="password" keystoreType="pkcs12" algorithm="SunX509" />
+
+    <!-- An Engine represents the entry point (within Catalina) that processes
+         every request.  The Engine implementation for Tomcat stand alone
+         analyzes the HTTP headers included with the request, and passes them
+         on to the appropriate Host (virtual host). -->
+
+    <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
+    <Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">         
+    --> 
+         
+    <!-- Define the top level container in our container hierarchy -->
+    <Engine name="Catalina" defaultHost="localhost" debug="0">
+
+      <!-- The request dumper valve dumps useful debugging information about
+           the request headers and cookies that were received, and the response
+           headers and cookies that were sent, for all requests received by
+           this instance of Tomcat.  If you care only about requests to a
+           particular virtual host, or a particular application, nest this
+           element inside the corresponding <Host> or <Context> entry instead.
+
+           For a similar mechanism that is portable to all Servlet 2.4
+           containers, check out the "RequestDumperFilter" Filter in the
+           example application (the source for this filter may be found in
+           "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+           Request dumping is disabled by default.  Uncomment the following
+           element to enable it. -->
+      <!--
+      <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+      -->
+
+      <!-- Global logger unless overridden at lower levels -->
+      <Logger className="org.apache.catalina.logger.FileLogger"
+              prefix="catalina_log" suffix=".txt"
+              timestamp="false"/>
+
+      <!-- Because this Realm is here, an instance will be shared globally -->
+
+      <!-- This Realm uses the UserDatabase configured in the global JNDI
+           resources under the key "UserDatabase".  Any edits
+           that are performed against this UserDatabase are immediately
+           available for use by the Realm.  -->
+      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+                 debug="0" resourceName="UserDatabase"/>
+
+      <!-- Define the default virtual host
+           Note: XML Schema validation will not work with Xerces 2.2.
+       -->
+      <Host name="localhost" debug="0" appBase="webapps"
+       unpackWARs="true" autoDeploy="true"
+       xmlValidation="false" xmlNamespaceAware="false">
+
+        <!-- Access log processes all requests for this virtual host.  By
+             default, log files are created in the "logs" directory relative to
+             $CATALINA_HOME.  If you wish, you can specify a different
+             directory with the "directory" attribute.  Specify either a relative
+             (to $CATALINA_HOME) or absolute path to the desired directory.
+        -->
+        <!--
+        <Valve className="org.apache.catalina.valves.AccessLogValve"
+                 directory="logs"  prefix="localhost_access_log." suffix=".txt"
+                 pattern="common" resolveHosts="false"/>
+        -->
+
+        <!-- Logger shared by all Contexts related to this virtual host.  By
+             default (when using FileLogger), log files are created in the "logs"
+             directory relative to $CATALINA_HOME.  If you wish, you can specify
+             a different directory with the "directory" attribute.  Specify either a
+             relative (to $CATALINA_HOME) or absolute path to the desired
+             directory.-->
+        <Logger className="org.apache.catalina.logger.FileLogger"
+                 directory="logs"  prefix="localhost_log" suffix=".txt"
+            timestamp="false"/>
+
+      </Host>
+
+    </Engine>
+
+  </Service>
+
+</Server>
diff --git a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in
index f4535fcd..1d241ebd 100644
--- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in
+++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in
@@ -172,7 +172,8 @@ install -m 700 Svc/linux/log4j.properties %{buildroot}/etc/CASA/authtoken/svc/lo
 
 # Others
 install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
-install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
+install -m 700 Svc/linux/refresh_trusted_ats_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
+install -m 700 Svc/linux/refresh_server_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
 install -m 700 Svc/linux/CasaBasicATSSetup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
 install -m 700 Svc/linux/CasaAuthPolicyEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
 install -m 700 Svc/linux/CasaTomcatConnectorEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
@@ -187,7 +188,9 @@ install -m 600 Svc/tomcat5/conf/catalina.policy %{buildroot}/srv/www/casaats/con
 install -m 600 Svc/tomcat5/conf/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
 install -m 600 Svc/tomcat5/conf/jk2.properties %{buildroot}/srv/www/casaats/conf/jk2.properties
 install -m 600 Svc/tomcat5/conf/linux/server-ibm.xml %{buildroot}/srv/www/casaats/conf/server-ibm.xml
+install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-ibm.xml
 install -m 600 Svc/tomcat5/conf/linux/server-sun.xml %{buildroot}/srv/www/casaats/conf/server-sun.xml
+install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-sun.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-sun.xml
 install -m 600 Svc/tomcat5/conf/tomcat-users.xml %{buildroot}/srv/www/casaats/conf/tomcat-users.xml
 install -m 600 Svc/tomcat5/conf/web.xml %{buildroot}/srv/www/casaats/conf/web.xml
 
@@ -262,6 +265,7 @@ rm -f /srv/www/casaats/conf/server.xml
 %{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war
 %{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
 %{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
+%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
@@ -307,7 +311,9 @@ rm -f /srv/www/casaats/conf/server.xml
 %config /srv/www/casaats/conf/catalina.properties
 %config /srv/www/casaats/conf/jk2.properties
 %config /srv/www/casaats/conf/server-ibm.xml
+%config /srv/www/casaats/conf/server-pkcs12-ibm.xml
 %config /srv/www/casaats/conf/server-sun.xml
+%config /srv/www/casaats/conf/server-pkcs12-sun.xml
 %config /srv/www/casaats/conf/tomcat-users.xml
 %config /srv/www/casaats/conf/web.xml
 %config /etc/CASA/authtoken/svc/envvars
diff --git a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in
index db43d019..590464b9 100644
--- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in
+++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in
@@ -172,7 +172,8 @@ install -m 700 Svc/linux/log4j.properties %{buildroot}/etc/CASA/authtoken/svc/lo
 
 # Others
 install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
-install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
+install -m 700 Svc/linux/refresh_trusted_ats_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
+install -m 700 Svc/linux/refresh_server_keystore.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
 install -m 700 Svc/linux/CasaBasicATSSetup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
 install -m 700 Svc/linux/CasaAuthPolicyEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
 install -m 700 Svc/linux/CasaTomcatConnectorEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
@@ -187,7 +188,9 @@ install -m 600 Svc/tomcat5/conf/catalina.policy %{buildroot}/srv/www/casaats/con
 install -m 600 Svc/tomcat5/conf/linux/zen/catalina.properties %{buildroot}/srv/www/casaats/conf/catalina.properties
 install -m 600 Svc/tomcat5/conf/jk2.properties %{buildroot}/srv/www/casaats/conf/jk2.properties
 install -m 600 Svc/tomcat5/conf/linux/server-ibm.xml %{buildroot}/srv/www/casaats/conf/server-ibm.xml
+install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-ibm.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-ibm.xml
 install -m 600 Svc/tomcat5/conf/linux/zen/server.xml %{buildroot}/srv/www/casaats/conf/server-sun.xml
+install -m 600 Svc/tomcat5/conf/linux/server-pkcs12-sun.xml %{buildroot}/srv/www/casaats/conf/server-pkcs12-sun.xml
 install -m 600 Svc/tomcat5/conf/tomcat-users.xml %{buildroot}/srv/www/casaats/conf/tomcat-users.xml
 install -m 600 Svc/tomcat5/conf/web.xml %{buildroot}/srv/www/casaats/conf/web.xml
 
@@ -262,6 +265,7 @@ rm -f /srv/www/casaats/conf/server.xml
 %{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war
 %{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
 %{prefix}/share/java/CASA/authtoken/bin/refresh_trusted_ats_keystore.sh
+%{prefix}/share/java/CASA/authtoken/bin/refresh_server_keystore.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
@@ -307,7 +311,9 @@ rm -f /srv/www/casaats/conf/server.xml
 %config /srv/www/casaats/conf/catalina.properties
 %config /srv/www/casaats/conf/jk2.properties
 %config /srv/www/casaats/conf/server-ibm.xml
+%config /srv/www/casaats/conf/server-pkcs12-ibm.xml
 %config /srv/www/casaats/conf/server-sun.xml
+%config /srv/www/casaats/conf/server-pkcs12-sun.xml
 %config /srv/www/casaats/conf/tomcat-users.xml
 %config /srv/www/casaats/conf/web.xml
 %config /etc/CASA/authtoken/svc/envvars