Creating a Certificate (Linux / Windows)
Once you have the private key created, you must create a certificate.
8. Assuming you are still running the OpenSSL program from the previous step, enter the command:
req -new -x509 -key tomcatkey.pem -out tomcat.pem -days 1095
9. OpenSSL asks for the pass phrase defined for the private key. Enter the previous pass phrase of changeit. This command creates a self-signed certificate with a lifetime of 3 years, using the private key.
10. When asked the other questions such as Country Code, Organization you can enter any data you wish. When asked for the Common Name (FQN) you must enter the Hostname or IP Address of the server.
11. OpenSSL generates the tomcat.pem in the directory you were in from the previous steps.
12. Exit OpenSSL by typing exit
13. Two new files appear within the //../tomcat-xx/bin/certs directory: tomcatkey.pem and tomcat.pem