To add the Java keystore to Tomcat you can either reference the full path of the Java keystore, or you can create a symlink in /opt/tomcat. We opted to create the symlink as follows:

ln -s $JAVA_HOME/jre/lib/security/cacerts keystore

Now edit server.xml

nano /opt/tomcat/conf/server.xml

And add the bit shown in bold text

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" **keystoreFile="keystore"** />

Restart Tomcat and all should be good.