It is possible to use Windows certificate store like this: <Connector SSLEnabled="true" address="..." clientAuth="false" keyAlias="..." keystoreFile="" keystoreType="Windows-My" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslEnabledProtocols="TLSv1" sslProtocol="TLS"/>
You have to enter keyAlias that matches the subject of the certificate in Windows user's personal certificates. Then you don't need to enter password at all. -Harri -----Original Message----- From: John Palmer [mailto:[email protected]] Sent: 25. toukokuuta 2017 17:01 To: Tomcat Users List <[email protected]> Subject: Re: server.xml password encryption instead of plain text I haven't tested it yet, but if you're on a Windows platform you MAY be able to tell Tomcat to use the Windows Certificate Store (an thus NOT have a password in server.xml) by adding something like this to the Java Options: -Djavax.net.ssl.trustStoreProvider=SunMSCAPI -Djavax.net.ssl.trustStoreType=Windows-ROOT -Djavax.net.ssl.trustStore=NONE -Djavax.net.ssl.keyStoreProvider=SunMSCAPI -Djavax.net.ssl.keyStoreType=Windows-MY -Djavax.net.ssl.keyStore=NONE .. and this may not work at all.. On Thu, May 25, 2017 at 7:46 AM, Vidyadhar <[email protected]> wrote: > On Thu, 25 May 2017 at 6:01 PM, Dhaval Jaiswal <[email protected]> > wrote: > > > How can we avoid defining plain text password in server.xml or is there > a > > way i can encrypt the password in server.xml. > > > There are couple of examples on https://wiki.apache.org/ > tomcat/FAQ/Password > -- > Regards, > Vidyadhar > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
