I would recommend going through this really simple post for a basic understanding of configuring SSL on Tomcat.
Steps:
1. Generate the server certificate
2. Add the certificate to the trust store
3. Set up server.xml
Generate server certificate:
Make sure the JAVA_HOME variable is set, navigate to any directory, open a command prompt, and run the following command to generate the server certificate:
keytool -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks -keysize 2048
or
(if you don't like the JKS format keystore, you can try the command below)
keytool -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore thekeystore
The above command generates the server certificate in JKS format (Java KeyStore).
keytool -export -alias server-alias -storepass changeit -file server.crt -keystore keystore.jks
This exports the generated server certificate into the file server.crt.
Add Server certificate to trust store:
Now copy server.crt to %JAVA_HOME%/jre/lib/security and run the following command:
keytool -import -v -trustcacerts -alias server-alias -file server.crt -keystore cacerts -keypass changeit -storepass changeit
This adds the certificate to the trust store (the default trust store location is %JAVA_HOME%/jre/lib/security/cacerts).
Server.xml:
Navigate to tomcat_home/conf/ and edit the <Connector> tag in server.xml as below, adjusting the paths to your location:
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="false" maxThreads="25" port="8443" keystoreFile="C:\Program Files\Java\jdk1.8.0_101\bin\keystore.jks" keystorePass="changeit" truststoreFile="C:\Program Files\Java\jdk1.8.0_101\jre\lib\security\cacerts" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLS" />
Note: the value keystoreFile="C:\Program Files\Java\jdk1.8.0_101\bin\keystore.jks" is the location where I generated the keystore file; set it accordingly in your case. The file can also be copied to any other location, for instance keystoreFile="H:\keystore.jks".
** also note that truststoreFile is not required for this setup **
recommended: refer to this post as well
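
A check for the Connector settings shown above, as an added example that is not part of the original post: it parses a server.xml and reports SSL connectors that still use the default `changeit` password, keep the keystore inside the JDK tree, or set a trust store without client authentication. The function name `audit_connectors`, the sample document and the JDK-path heuristic are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from the post inside a minimal server.xml.
SAMPLE_SERVER_XML = r"""<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector SSLEnabled="true" clientAuth="false" port="8443"
      keystoreFile="C:\Program Files\Java\jdk1.8.0_101\bin\keystore.jks"
      keystorePass="changeit"
      truststoreFile="C:\Program Files\Java\jdk1.8.0_101\jre\lib\security\cacerts"
      protocol="org.apache.coyote.http11.Http11NioProtocol"
      scheme="https" secure="true" sslProtocol="TLS" />
</Service></Server>"""


def audit_connectors(server_xml):
    """Return (port, finding) tuples for each SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector: nothing to check here
        port = conn.get("port", "?")
        # Tomcat falls back to "changeit" when keystorePass is omitted.
        if conn.get("keystorePass", "changeit") == "changeit":
            findings.append((port, "keystore password is the default 'changeit'"))
        # Heuristic chosen for this example: the server's private key should
        # not sit in the JDK install tree.
        path = conn.get("keystoreFile", "").lower()
        if "jdk" in path or "jre" in path:
            findings.append((port, "keystoreFile lives inside the JDK/JRE tree"))
        # The trust store is used to validate client certificates.
        client_auth = conn.get("clientAuth", "false").lower()
        if conn.get("truststoreFile") and client_auth == "false":
            findings.append((port, "truststoreFile set but clientAuth is false"))
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append((port, "scheme/secure do not mark the connector as HTTPS"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"Connector {port}: {finding}")
```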