For the official instructions (Tomcat 8), read this page
The following instructions are for development servers only:
Step 1: Create a keystore file to store the server’s private key and self-signed certificate:
For Windows:
"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA
For Unix/Linux:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
You will be asked for various information. Remember the password you typed at this step.
At the end of the procedure, keytool will create a file named “.keystore” to your home directory. By default it is hidden. This file should be moved to Apache-Tomcat home directory and can be renamed (eg to “keystore”).
Step 2: Disable APR:
Edit server.xml and comment out the following line:
<!--
Listener
className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on"
/-->
Step 3: Activate the SSL connector
Edit server.xml and add (or uncomment and modify) the following lines:
<Connector
port="8443"
SSLEnabled="true"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150"
scheme="https"
secure="true"
keystoreFile="keystore"
keyAlias="tomcat"
keystorePass="12345678"
clientAuth="false"
sslProtocol="TLS" />
You will have you replace “12345678” with your password.
You will also have to replace “keystore” with the full path to the keystore file generated at Step 1.
Step 4: Restart Tomcat
Do not forget to restart Apache-Tomcat