diff --git a/samples/contacts/src/site/resources/sslhowto.txt b/samples/contacts/src/site/resources/sslhowto.txt
new file mode 100644
index 0000000000..3da4bdd02d
--- /dev/null
+++ b/samples/contacts/src/site/resources/sslhowto.txt
@@ -0,0 +1,99 @@
+$Id$
+
+CAS requires HTTPS be used for all operations, with the certificate used
+having been signed by a certificate in the cacerts files shipped with Java.
+
+If you're using a HTTPS certificate signed by a well known authority
+(like Verisign), you can safely ignore the procedure below (although you
+might find the troubleshooting section at the end helpful).
+
+The following demonstrates how to create a self-signed certificate and add
+it to the cacerts file. If you just want to use the certificate we have
+already created and shipped with the Acegi Security System for Spring, you
+can skip directly to step 3.
+
+
+1. keytool -keystore keystore -alias acegisecurity -genkey -keyalg RSA -validity 9999 -storepass password -keypass password
+
+What is your first and last name?
+  [Unknown]:  localhost
+What is the name of your organizational unit?
+  [Unknown]:  Acegi Security System for Spring
+What is the name of your organization?
+  [Unknown]:  TEST CERTIFICATE ONLY. DO NOT USE IN PRODUCTION.
+What is the name of your City or Locality?
+  [Unknown]:
+What is the name of your State or Province?
+  [Unknown]:
+What is the two-letter country code for this unit?
+  [Unknown]:
+Is CN=localhost, OU=Acegi Security System for Spring, O=TEST CERTIFICATE ONLY. D
+O NOT USE IN PRODUCTION., L=Unknown, ST=Unknown, C=Unknown correct?
+  [no]:  yes
+
+
+2. keytool -export -v -rfc -alias acegisecurity -file acegisecurity.txt -keystore keystore -storepass password
+
+3. copy acegisecurity.txt %JAVA_HOME%\lib\security
+   
+4. copy keystore %YOUR_WEB_CONTAINER_LOCATION%
+
+   NOTE: You will need to configure your web container as appropriate.
+   We recommend you test the certificate works by visiting
+   https://localhost:8443. When prompted by your browser, select to
+   install the certificate.
+
+5. cd %JAVA_HOME%\lib\security
+
+6. keytool -import -v -file acegisecurity.txt -keypass password -keystore cacerts -storepass changeit -alias acegisecurity
+
+Owner: CN=localhost, OU=Acegi Security System for Spring, O=TEST CERTIFICATE ONL
+Y. DO NOT USE IN PRODUCTION., L=Unknown, ST=Unknown, C=Unknown
+Issuer: CN=localhost, OU=Acegi Security System for Spring, O=TEST CERTIFICATE ON
+LY. DO NOT USE IN PRODUCTION., L=Unknown, ST=Unknown, C=Unknown
+Serial number: 4080daf4
+Valid from: Sat Apr 17 07:21:24 GMT 2004 until: Tue Sep 02 07:21:24 GMT 2031
+Certificate fingerprints:
+         MD5:  B4:AC:A8:24:34:99:F1:A9:F8:1D:A5:6C:BF:0A:34:FA
+         SHA1: F1:E6:B1:3A:01:39:2D:CF:06:FA:82:AB:86:0D:77:9D:06:93:D6:B0
+Trust this certificate? [no]:  yes
+Certificate was added to keystore
+[Saving cacerts]
+
+
+7. Finished. You can now run the sample application as if you purchased a
+   properly signed certificate. For production applications, of course you should
+   use an appropriately signed certificate so your web visitors will trust it
+   (such as issued by Thawte, Verisign etc).
+
+TROUBLESHOOTING
+
+* First of all, most CAS-Acegi Security problems are because of untrusted
+  SSL certificates. So it's important to understand why. Most people can
+  load the Acegi Security webapp, get redirected to the CAS server, then
+  after login they get redirected back to the Acegi Security webapp and
+  receive a failure. This is because the CAS server redirects to something
+  like https://server3.company.com/webapp/j_acegi_cas_security_check?ticket=ST-0-ER94xMJmn6pha35CQRoZ
+  which causes the "service ticket" (the "ticket" parameter) to be validated.
+  net.sf.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator
+  performs service ticket validation by delegation to CAS'
+  ProxyTicketValidator class. The ProxyTicketValidator class will perform a
+  HTTPS connection from the web server running the Acegi Security webapp
+  (server3.company.com) above to the CAS server. If for some reason the
+  web server keystore does not trust the HTTPS certificate presented by the
+  CAS server, you will receive various failures as discussed below. NB: This
+  has NOTHING to do with client-side (browser) certificates. You need to
+  correct the trust between the two webserver keystores alone.
+
+* A "sun.security.validator.ValidatorException: No trusted certificate 
+  found" indicates the cacerts is not being used or it did not correctly
+  import the certificate. To rule out your web container replacing or in
+  some way modifying the trust manager, set the
+  CasProxyTicketValidator.trustStore property to the full file system
+  location to your cacerts file.
+
+* If your web container is ignoring your cacerts file, double-check it
+  is stored in $JAVA_HOME\lib\security\cacerts. $JAVA_HOME might be
+  pointing to the SDK, not JRE. In that case, copy
+  $JAVA_HOME\jre\lib\security\cacerts to $JAVA_HOME\lib\security\cacerts
+
diff --git a/src/site/site.xml b/src/site/site.xml
index 8b01d5cc75..c1fa0edb25 100644
--- a/src/site/site.xml
+++ b/src/site/site.xml
@@ -55,7 +55,7 @@
       <item name="Upgrading to 0.9.0" href="upgrade/upgrade-080-090.html"/>
       <item name="Upgrading to 0.8.0" href="upgrade/upgrade-070-080.html"/>
       <item name="Core JavaDocs" href="acegi-security/apidocs/index.html" target="_blank"/>
-      <item name="Contacts HTTPS" href="acegi-security-samples/acegi-security-sample-contacts/ssl/howto.txt"/>
+      <item name="Contacts HTTPS" href="acegi-security-samples/acegi-security-sample-contacts/sslhowto.txt"/>
       <item name="Project Policies" href="policies.html"/>
       <item name="Acegi Security JIRA" href="http://opensource.atlassian.com/projects/spring/secure/BrowseProject.jspa?id=10040"/>
       <item name="Support Forum" href="http://forum.springframework.org/forumdisplay.php?f=33"/>