Generating the certificate
Our first step is to generate the certificate. (This example is for Windows; Unix is almost the same.) This is done with keytool, which is located in the bin directory of your JAVA_HOME. For our Windows example this is C:\Program Files\Java\jdk1.6.0_18\bin
Open a command prompt. First create the directory for your keystore file, that is, the file that will hold your certificate. We will put the keystore file in the Tomcat directory: C:\Tomcat\Keystore.
The command you are going to use, keytool.exe, is part of your Java installation. Switch to your JAVA_HOME directory, in the example C:\Program Files\Java\jdk1.6.0_18, and from there to the bin directory.
Start keytool with the following parameters: keytool -genkey -alias tomcat -keyalg RSA -keystore c:\tomcat\keystore\.keystore
This means, more or less: generate a certificate/key called tomcat, using RSA as the key algorithm, and store the certificate in the keystore located in C:\Tomcat\Keystore.
C:\Program Files\Java\jdk1.6.0_18>cd bin
C:\Program Files\Java\jdk1.6.0_18\bin>keytool -genkey -alias tomcat -keyalg RSA -keystore c:\tomcat\keystore\.keystore
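The same steps can also be run from a batch file; the script below is an added example, not part of the original tutorial. It creates the keystore directory, generates the key with the certificate fields passed through -dname instead of typed at the prompts, and then prints the stored entry so you can check it. The -dname values, the 2048-bit key size and the 365-day validity are assumptions chosen for illustration.

```batch
@echo off
rem Added example, not from the original tutorial.
rem Assumes the JDK path and keystore location used on this page.
setlocal
set "KEYTOOL=C:\Program Files\Java\jdk1.6.0_18\bin\keytool.exe"
set "KSDIR=C:\Tomcat\Keystore"
set "KS=%KSDIR%\.keystore"

if not exist "%KEYTOOL%" (
    echo keytool not found at "%KEYTOOL%"
    exit /b 1
)
if not exist "%KSDIR%" mkdir "%KSDIR%"

rem keytool refuses to create a key under an alias that already exists,
rem so stop early instead of touching an existing keystore.
if exist "%KS%" (
    echo "%KS%" already exists. Inspect it with keytool -list first.
    exit /b 1
)

rem No -storepass or -keypass here: keytool prompts for the passwords,
rem which keeps them out of the script and the command line.
rem -dname replaces the interactive questions. CN is the field filled by
rem the "first and last name" prompt. All values below are constructed.
"%KEYTOOL%" -genkey -alias tomcat -keyalg RSA -keysize 2048 -validity 365 ^
    -dname "CN=localhost, OU=Example Unit, O=Example Org, L=Example City, ST=Example State, C=XX" ^
    -keystore "%KS%"
if errorlevel 1 exit /b 1

rem Check the result: prints the owner, the validity period and the
rem fingerprints for the tomcat alias (asks for the keystore password).
"%KEYTOOL%" -list -v -alias tomcat -keystore "%KS%"
endlocal
```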
keytool now asks you to supply several parameters. None of these are very important, except the keystore password. The standard password is changeit, but of course you can use anything. Whatever you choose, write it down: you will need this password in the server.xml file so that Tomcat can open the keystore and read the certificate. Typical keytool output is:
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: GR Visser
What is the name of your City or Locality?