## Wednesday, April 12, 2006

### SSL with Tomcat

The Tomcat documentation for SSL setup is not entirely correct. The How-to on the Jakarta website is accurate about keystore creation, but the snippet of XML for your server.xml file is outdated.

I suppose it's because they keep changing the format of that file and the documentation is having trouble keeping up. If you include the className attribute in your Connector element, it is likely that Tomcat will start, and then promptly throw an InvocationTargetException, which you will see if you look at your stdoutXXX.log file (or your catalina.out file if you've opted for the huge monolithic catalina.out logging solution).

Instead, you should use the following snippet without the className attribute. Make sure you declare it within the Service element you want to use (typically it is Catalina).

```xml
<!-- HTTPS connector; note that there is no className attribute -->
<Connector port="8443"
           enableLookups="false"
           acceptCount="100"
           scheme="https"
           secure="true"
           clientAuth="false" />
```

```sh
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
```
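A small check for the server.xml problem described above, as an added example that is not part of the original post: it reports Connector elements that still carry className, sit outside a Service, or set scheme="https" without secure="true" (the pairing the post's snippet uses, taken here as the expected one). The sample file and the org.example.LegacyConnector class name are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the original post).
# org.example.LegacyConnector is a placeholder class name.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" />
    <Connector className="org.example.LegacyConnector" port="8443"
               enableLookups="false" acceptCount="100"
               scheme="https" secure="true" clientAuth="false" />
    <Connector port="9443" scheme="https" clientAuth="false" />
  </Service>
  <Connector port="7443" scheme="https" secure="true" />
</Server>
"""

def audit_connectors(server_xml):
    """Return (port, service_name, problem) tuples for Connector issues."""
    root = ET.fromstring(server_xml)
    # Map each Connector that is a direct child of a Service to that Service.
    in_service = {}
    for service in root.iter("Service"):
        for conn in service.findall("Connector"):
            in_service[conn] = service.get("name", "?")
    findings = []
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        service = in_service.get(conn)
        if service is None:
            findings.append((port, None, "not declared inside a Service"))
        if "className" in conn.attrib:
            # The attribute the post says to leave out.
            findings.append((port, service, "className attribute present"))
        https = conn.get("scheme", "http").lower() == "https"
        secure = conn.get("secure", "false").lower() == "true"
        if https and not secure:
            # Assumption: an https connector should also set secure="true".
            findings.append((port, service, "scheme is https but secure is not true"))
    return findings

if __name__ == "__main__":
    for port, service, problem in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port} (service {service}): {problem}")
```

To check a real installation, pass the contents of its conf/server.xml to `audit_connectors` instead of the sample string.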