To add the Java keystore to Tomcat you can either reference the full path of the Java keystore, or you can create a symlink in /opt/tomcat. We opted to create the symlink as follows:
ln -s $JAVA_HOME/jre/lib/security/cacerts keystore
Now edit server.xml
nano /opt/tomcat/conf/server.xml
And add the bit shown in bold text
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" **keystoreFile="keystore"** />
Restart Tomcat and all should be good.