keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -keystore tomcat-keystore.jks -validity 730
Export the certificate:
keytool -export -alias tomcat -file tomcat-keystore.cer -keystore tomcat-keystore.jks
Import to Java keystore:
keytool -import -alias tomcat -file tomcat-keystore.cer -keystore C:\jdk1.7.0_51\jre\lib\security\cacerts
Add it to Tomcat's server.xml:
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
disableUploadTimeout="true" enableLookups="false" maxThreads="25"
port="8443" keystoreFile="/path/to/tomcat-keystore.jks" keystorePass="password"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
secure="true" sslProtocol="TLS" />
Now you can avoid errors in java programs like:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed...
References:
https://dzone.com/articles/setting-ssl-tomcat-5-minutes
https://stackoverflow.com/a/7812567/1714485
