...
The result of this command is a keystore file created in $CATALINA_HOME/conf/keystore
To change the default expiration of the self-signed certificate, use the following command:
sudo $JAVA_HOME/bin/keytool -selfcert -v -alias tomcat -validity 3650 -keystore keystore
Note: In the above example, certificate is valid for the next 10 years.
The next step is to edit $CATALINA_HOME/conf/server.xml to configure and enable the HTTPS connector. Inside this file locate the following connector:
...