The SSL Connector for Oneclick worked without issue on 10.2.x but stopped after upgrade to 10.3.
Rerunning the procedure did not resolve it.
The customer had deleted the cacerts to start with a clean sheet and add his key to a new/empty cacerts keystore.
The result was a keystore with only a private key.
Since the tomcat bundled with 10.3 requires at least 1 trusted cert in a keystore, this method doesn't work.
The resolution is either to add 1 or more trusted certs to the keystore, or use the original keystore and add a key.