Following are the steps to create an real SSL certificate (verified by VeriSign/Thawte etc.) for Tomcat:
1. Creation of keystore
keytool -genkey -alias XXX -keyalg RSA -keystore ./XXX.keystore
2. Generation of CSR
keytool -certreq -alias XXX -file XXX.csr -keystore ./XXX.keystore
Send the generated XXX.csr to the signing authority and get the certificate from them. Save that file as “XXX.thawte”
3. Install the certificate in the keystore
keytool -import -alias XXX -trustcacerts -file XXX.thawte -keystore XXX.keystore
That’s it.