In configupdate->Authentication one must specify an OAuth keystore and
other keystore related settings.

What are the security implications, if any, if one specifies the same
keystore and key for both OSP OAuth *and* for the Tomcat HTTPS connector
in /opt/netiq/idm/apps/tomcat/conf/server.xml?

Basically the question is, if I want to have one less keystore and
certificate to manage can I use the same certificate and keystore for
both Tomcat and OAuth from a security perspective, since they are
running on the same server and in the same Tomcat instance?