Let's first create a self-signed certificate.
The above will create a keystore with the name keystore.jks in side [CATALINA_HOME].
[CATALINA_HOME]>keytool -genkey -alias webapp -keyalg RSA -keystore keystore.jks
Also, notice that here we used webapp as the CN - so, we need to edit the file C:\WINDOWS\system32\drivers\etc\hosts and add the following entry - so we can make our certificate trusted by the browser.
127.0.0.1 webapp
Now, lets edit - [CATALINA_HOME]\conf\server.xml to make Tomcat SSL enabled.
All set, hit the url, https://webapp:8443 - now broswer will give you a warning saying that your certificate is not trusted.
<Service name="Catalina">
<!-- Add the following -->
<!-- 'tomcat' is the password you gave while creating keystore.jks -->
<!-- Make sure keystore.jks is inside [CATALINA_HOME] -->
<Connector port="8443"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false"
disableUploadTimeout="true"
acceptCount="100"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="keystore.jks"
keystorePass="tomcat"/>
</Service>
Install the cert in the browser to get rid of the warning.