
Updated SSL certificate but browser still shows as invalid


Running GlassFish 3.1.1 (build 12) on Amazon Linux.

The app has been running for 3 years without an issue, but now I need to update the SSL certificate.

My research included the following web sites:

http://aliok.wordpress.com/2011/06/04/using-your-ssl-certificate-on-glas...

http://www.denizoguz.com/2011/01/02/installing-godaddy-ssl-certificates-...

In my existing keystore I have:

$ /usr/java/jdk1.7.0_01/bin/keytool -list -keystore keystore.jks
Enter keystore password: changeit

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 6 entries

root, Mar 15, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): 27:96:BA........:20:EE:E4
glassfish-instance, Aug 5, 2011, PrivateKeyEntry,
Certificate fingerprint (SHA1): CD:ED:ED.......:F2:52:99
app, Mar 15, 2012, PrivateKeyEntry,
Certificate fingerprint (SHA1): D2:91:C9........:54:03:0A
intermed, Mar 15, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): 7C:46:56..........:11:FC:44
s1as, Aug 5, 2011, PrivateKeyEntry,
Certificate fingerprint (SHA1): 93:89:A1........:E0:22:3E
cross, Mar 15, 2012, trustedCertEntry,
Certificate fingerprint (SHA1): DE:70:F4:........:3B:2C:62

In the GlassFish "server-config" listener-2 section the SSL tab shows alias "app" and keystore is "keystore.jks".

I applied to GoDaddy for the replacement certificate, and after going through the verification process received a zip file containing:

71.......8c4.crt gd_bundle.crt

I deleted the existing "app" alias from the keystore:

/usr/java/jdk1.7.0_01/bin/keytool -delete -alias app -keystore keystore.jks.test

Then added the new certificate to the same alias:

/usr/java/jdk1.7.0_01/bin/keytool -import -alias app -keystore keystore.jks.test -trustcacerts -file 71.......8c4.crt

I then restarted GlassFish.

Then I navigated to the SSL site on my browser but got the same Invalid Certificate warning.

When I use the browser's "View Certificate" option and look at the "Thumbprint" the hex key matches the old "app" key from the keystore, i.e. GlassFish doesn't seem to be picking up the new keystore.

Any ideas?
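
An added example, not part of the original post: a Python check that parses `keytool -list` output and reports whether a listener alias is a `PrivateKeyEntry` whose fingerprint matches the thumbprint the browser shows. keytool stores a certificate imported into an alias with no key entry as a `trustedCertEntry`, which a TLS listener cannot serve. The listings, fingerprints and function names below are constructed for illustration.

```python
import re

# One entry header from `keytool -list`, e.g. "app, Mar 15, 2012, PrivateKeyEntry,"
ENTRY_RE = re.compile(r"^([^,]+), .+, (\w+Entry),$")
FP_RE = re.compile(r"^Certificate fingerprint \([\w-]+\):\s*([0-9A-Fa-f:]+)$")

def normalize(fp):
    """Strip separators so 'D2:91', 'd2 91' and 'D291' compare equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", fp).upper()

def parse_keytool_list(text):
    """Return {alias: {'type': ..., 'fingerprint': ...}} from a listing."""
    entries, alias = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            alias = m.group(1)
            entries[alias] = {"type": m.group(2), "fingerprint": None}
        elif alias and (m := FP_RE.match(line)):
            entries[alias]["fingerprint"] = normalize(m.group(1))
    return entries

def check_listener_alias(listing, alias, served_thumbprint):
    """List the reasons this keystore cannot be what the listener is serving."""
    entry = parse_keytool_list(listing).get(alias)
    if entry is None:
        return ["alias-missing"]
    findings = []
    if entry["type"] != "PrivateKeyEntry":  # a TLS server needs key + cert
        findings.append("no-private-key")
    if entry["fingerprint"] != normalize(served_thumbprint):
        findings.append("fingerprint-mismatch")
    return findings

# Constructed sample data (not the fingerprints from the post).
OLD_FP = "01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67"
NEW_FP = "FE:DC:BA:98:76:54:32:10:FE:DC:BA:98:76:54:32:10:FE:DC:BA:98"
CONFIGURED = f"app, Mar 15, 2012, PrivateKeyEntry,\nCertificate fingerprint (SHA1): {OLD_FP}\n"
EDITED_COPY = f"app, Jan 1, 2015, trustedCertEntry,\nCertificate fingerprint (SHA1): {NEW_FP}\n"
SERVED = OLD_FP.replace(":", " ").lower()  # thumbprint as a browser might display it

if __name__ == "__main__":
    for name, listing in (("keystore.jks", CONFIGURED), ("keystore.jks.test", EDITED_COPY)):
        print(name, check_listener_alias(listing, "app", SERVED) or "matches served certificate")
```

Feed it the listing of the keystore file the listener is configured with, not a working copy, and the thumbprint copied from the browser's certificate viewer.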

