to generate certificates:

keytool -genkeypair -alias servercert -keyalg RSA -dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass password -keystore server.jks -storepass password
keytool -genkeypair -alias clientcert -keystore clientcert.p12 -storetype pkcs12 -keyalg RSA -dname "CN=Client,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass password -storepass password
keytool -exportcert -alias %1 -file clientcert.cer -keystore clientcert.p12 -storetype pkcs12 -storepass password
keytool -importcert -keystore server.jks -alias clientcert -file clientcert.cer -v -trustcacerts -noprompt -storepass password

tomcat connector configuration:

<Connector
   clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
   enableLookups="true" disableUploadTimeout="true"
   acceptCount="100" maxThreads="200"
   scheme="https" secure="true" SSLEnabled="true"
   keystoreFile="${catalina.home}/conf/server.jks"
   keystoreType="JKS" keystorePass="password"
   truststoreFile="${catalina.home}/conf/server.jks"
   truststoreType="JKS" truststorePass="password"
   SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" sslProtocol="TLS"
/>

install client certificate into your browser of choice, and you should be good to go!