Bem, não acho que o comando keytool esteja perguntando a senha do usuário do tomcat. Gerar um certificado auto-assinado não tem nada a ver com o usuário do sistema. O comando keytool pede que você defina a senha do certificado que está gerando.
keytool -genkey -alias tomcat -keyalg RSA -keystore /applications/certs/test.key
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: example.com
What is the name of your organizational unit?
[Unknown]: test
What is the name of your organization?
[Unknown]: test
What is the name of your City or Locality?
[Unknown]: delhi
What is the name of your State or Province?
[Unknown]: delhi
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=example.com, OU=test, O=test, L=delhi, ST=delhi, C=IN correct?
[no]: yes
Enter key password for <tomcat>
(RETURN if same as keystore password):
Re-enter new password: