J2EE Cheat Sheet Directory layout webapps place .war's here app name place .jsp file here and in application specific subdirectories WEB-INF classes place class's here place .properties files here too lib place .jar's here META_INF place MANIFEST.MF here This directory and file are optional. SSL The use of tomcat with ssl requires what is commonly known as a certificate. This is a confusion piece of terminology. Actually, when ou need is a cryptographically signed certificate. Specifically, a cryptographically signed public key. The system works like this. First, you generate a keypair for your server. then you build a csr ( Cerificate Signing Request ) which you send to a CA ( Certificate Authority ). The CA creates a secure hash of the public key and returns that to the requester who installs it on their server. Now when the client connects to the secured tomcat, they recieve the certificate. They forward the certificate to the CA. The CA decode the cert and returns it. The client verifies that the unwrapped public key belongs to the domain they are accessing, that it hasn't expired, and comences to use the public key to converse with the secured tomcat. If the cert has expired, the client warns the user. If the public key does not belong to the server they are accessing, the client warns the user. If the public key is not the mate of the private key on the server, communication will be impossible.