Tomcat Configuration and Deployment

Container Options

The following table lists the common container options supported by Tomcat.

Key Value type Description



Allows connections over HTTPS.



Port to use for TLS listener. Defaults to 443 and implies :ssl?.



Used for TLS. Path to keystore file.



Used for TLS. Keystore password.



SSL client certificate authenticate, may be set to :need, :want or :none. Defaults to :none.

General SSL configuration

Aside from the options listed in the previous table, there are other SSL options supported by Tomcat as well. The options listed below may be specified as strings or keywords in the container options map.

  • sessionTimeout

  • keystoreType

  • algorithm

  • truststoreType

  • truststorePass

  • useServerCipherSuitesOrder

  • sslImplementationName

  • truststoreProvider

  • sessionCacheSize

  • keyAlias

  • keystoreProvider

  • truststoreFile

  • truststoreAlgorithm

  • allowUnsafeLegacyRenegotiation

  • clientCertProvider

  • crlFile

  • trustMaxCertLength

  • ciphers

  • trustManagerClassName

  • keyPass

These options are set on the org.apache.catalina.connector.Connector instance via setAttribute. Refer to the Tomcat HTTP Connector documentation for details.