While following TEC1380954 you may receive the following error when deleting the existing key according to step 6:
keytool -genkey -alias tomcat -keyalg RSA -keystore .keystore -storepass changeit -keypass changeit -keysize 2048 -dname "cn=<hostname>" -validity <days>
keytool error: java.security.CertificateParsingException: Empty issuer DN not allowed in X509Certificates
For some reason, the keytool tool does not recognize the dname value. Possible there was some typo in the command. At this point, the delete from step 5 also brings up this error.
The TEC doc asks you to back up your original keys in step 4. Restore that key, try steps 5 and 6 once more. If it fails again, restore the key again and continue from step 9.