The keystore is used for Tomcat operating as a
server for web clients.
What you want is to support Tomcat operating as a
client to your databases.
There's no real standard for doing that, unfortunately. Every database server does it differently. Much differently. When they do it at all.
This paper should help in setting up a
JDBC connection pool for SSL Oracle when using the thin driver:
http://www.oracle.com/technetwork/database/enterprise-edition/wp-oracle-jdbc-thin-ssl-130128.pdf
At a quick glance, I got the impression that you more or less set up the Oracle server for SSL and the thin driver automatically detects it and operates accordingly.
SQL Server gets its marching orders from the jdbl URL:
http://technet.microsoft.com/en-us/library/bb879949.aspx
As does, incidentally, MySQL, which I haven't supplied a URL since it's not been asked for.
Note that whether any of these will accept a client-side SSL certificate is another matter. I'm not even sure whether the usual SSL mechanisms for cert support apply, and doubly-so in the case of Windows. For Linux, if they did, they'd be stored under the tomcat user's ".ssh" directory, not as part of Tomcat.
The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.
You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.