While following TEC1380954 you may receive the following error when deleting the existing key according to step 6:
keytool -genkey -alias tomcat -keyalg RSA -keystore .keystore -storepass changeit -keypass changeit -keysize 2048 -dname "cn=<hostname>" -validity <days>
keytool error: java.security.CertificateParsingException: Empty issuer DN not allowed in X509Certificates