The tough thing about building those is that, if you miss one step, it won't work. I've done quite a few for our customers and I've found, that if the certificate doesn't work, it's easier to contact the CA, cancel the certificate and start again from square one.
I've done Thawte's (with Tomcat 5.0 and 5.5) and I assure you, if you follow ever step, exactly as it's written in their documentation, it will work.
It's also a good idea to take screen shots of every single step. There are two reasons for doing this. 1.) If something goes wrong, you, or support from the CA can look and see exactly what you've done.
2.) Certificates, by nature, are something you fight with once and then don't touch for at least a year. By the time that certificate expires, you'll have forgotten everything you've done. Step by step screen shots of what you did last time will be the most welcome documentation you can have. [ August 21, 2007: Message edited by: Ben Souther ]