Going to post this one since the info via Google seems to be sparse and conflicting.

Export the full wildcard certificate from the live Windows IIS server: include the private key, include the other attributes, and give it a password.

To find it, open mmc, add the Certificates snap-in, and look for *.domain, which is the existing wildcard cert.

Then this is the key: just use the following for the connector in the Apache server.xml and forget anything to do with Java keystores:

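<!-- keystoreFile is a placeholder path: point it at the exported .pfx. If it is omitted, Tomcat looks for .keystore in the home directory of the user running it. -->
<Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true" acceptCount="100"
           scheme="https" SSLEnabled="true" secure="true" clientAuth="false" sslProtocol="TLS"
           keystoreFile="/path/to/wildcard.pfx" keystorePass="XXXXXX" keystoreType="PKCS12"/>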
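
The export step at the top can also be scripted instead of clicked through in mmc. The following is an added example, not part of the original post: it finds the wildcard cert, exports it with its key and chain, then reads the file back to confirm what ended up in it. It assumes the cert is in the LocalMachine\My store, and the output path is a placeholder.

```powershell
# Added example, not from the original post. Assumptions: the wildcard cert
# lives in LocalMachine\My, and $outFile is a placeholder path.
$outFile = 'C:\temp\wildcard.pfx'

# Same lookup as the mmc step: wildcard subject (CN=*.domain), private key
# present, currently valid. The latest expiry wins if several match.
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match 'CN=\*\.' -and $_.HasPrivateKey -and
                   $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw 'No valid wildcard certificate with a private key in LocalMachine\My.'
}

# "Give it a PW": prompt for it so it is not stored in the script.
$pfxPass = Read-Host -AsSecureString -Prompt 'Password for the PFX'

# Export the key plus the full chain. Extended properties (the "other
# attributes") are included because -NoProperties is not passed.
try {
    Export-PfxCertificate -Cert $cert -FilePath $outFile -Password $pfxPass `
        -ChainOption BuildChain -ErrorAction Stop | Out-Null
} catch {
    throw "Export failed (is the private key marked exportable?): $_"
}

# Read the file back with the same password to confirm it opens and to see
# which certificate and how many chain certs Tomcat will be serving.
$pfx  = Get-PfxData -FilePath $outFile -Password $pfxPass
$leaf = $pfx.EndEntityCertificates | Select-Object -First 1
[pscustomobject]@{
    Subject     = $leaf.Subject
    Thumbprint  = $leaf.Thumbprint
    NotAfter    = $leaf.NotAfter
    ChainCerts  = @($pfx.OtherCertificates).Count
    SameAsStore = ($leaf.Thumbprint -eq $cert.Thumbprint)
}

# The PFX contains the private key: remove it from $outFile once it has
# been copied to the Tomcat host.
```

The password entered here is the value that goes into keystorePass in the connector.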