This shows how to take an EXISTING SSL key and import it into Tomcat.
First create a Tomcat keyring in /opt/csw/tomcat5/ssl (you'll need to mkdir ssl):
keytool -genkey -alias tomcat -keyalg RSA
Use the password "changeit"; this is the default Tomcat one.
Put in any information; it would only be used when issuing a CSR.
I'm using a Godaddy.com CA, but substitute whichever CA you have:
Download Godaddy CA Cert for Signing from https://certs.godaddy.com/anonymous/repository.seam;jsessionid=A3D2CC1A02748C7AD01654BD5ED6D777.web002?streamfilename=gd-class2-root.crt&actionMethod=anonymous%2Frepository.xhtml%3Arepository.streamFile%28%27%27%29&cid=212695 and save it as godaddy.crt
Get the original .crt, .csr and .key files from the Apache2/mod_jk installation.
Cat these files together in THIS order:
cat godaddy.crt www.website.com.key www.website.com.crt > ssl.pem
Then create a PKCS12 key in the Tomcat keyring:
openssl pkcs12 -export -in ssl.pem -out ssl.p12 -name tomcat
Cert is now valid and signed correctly.
In Tomcat, change the SSL section in /opt/csw/tomcat5/conf/server.xml running on 8443 to this:
SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
Restart Tomcat and test with https://server/manager/html
To stop Tomcat serving requests on https://server (which is a security risk in itself), delete the tomcat5/webapps/ROOT directory and all should be okay.
Remember to choose a complex password for the "manager" role in Tomcat.
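
Added example (not part of the original page): a shell script that checks the private key really belongs to the certificate, builds ssl.p12 from the bundle in the order given above, and confirms the result carries the alias "tomcat". It generates a throwaway CA and site pair as constructed stand-ins for godaddy.crt and the www.website.com files; the function names are hypothetical and -passout env: replaces the interactive password prompt.

```shell
#!/bin/sh
# Added example. Function names and the constructed test CA are illustrative.

# Succeeds only if the certificate ($2) was issued for the private key ($1).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Bundle in the page's order (CA cert, key, cert) and export as alias "tomcat".
# Args: ca.crt key crt out.p12 password
build_p12() (
    umask 077                        # the bundle holds the private key in clear
    pem="${4%.p12}.pem"; rc=0
    { cat "$1" "$2" "$3" > "$pem" &&
      P12_PASS="$5" openssl pkcs12 -export -in "$pem" -out "$4" \
          -name tomcat -passout env:P12_PASS; } || rc=$?
    rm -f "$pem"                     # do not leave the cleartext key behind
    exit "$rc"
)

# Succeeds only if the PKCS12 file ($1, password $3) has the alias "tomcat"
# and its end-entity certificate belongs to the private key ($2).
p12_ok() {
    out=$(P12_PASS="$3" openssl pkcs12 -in "$1" -passin env:P12_PASS \
          -nokeys -clcerts 2>/dev/null) || return 1
    printf '%s\n' "$out" | grep -q 'friendlyName: tomcat' || return 1
    c=$(printf '%s\n' "$out" | openssl x509 -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Constructed throwaway CA and server pair standing in for godaddy.crt and the
# www.website.com files, so the checks run offline. Arg: output directory.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.website.com" \
        -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/site.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/site.crt" 2>/dev/null
}

d=$(mktemp -d) && make_samples "$d" &&
key_matches_cert "$d/site.key" "$d/site.crt" &&
build_p12 "$d/ca.crt" "$d/site.key" "$d/site.crt" "$d/ssl.p12" changeit &&
p12_ok "$d/ssl.p12" "$d/site.key" changeit && echo "ssl.p12 verified"
```

Running key_matches_cert on the real .key and .crt before the cat step catches a mismatched pair early, before openssl refuses the export.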