Re: server.xml password encryption instead of plain text

Fri, 26 May 2017 00:52:22 -0700 

Hi.
Rather than spending a lot of time (again) on this issue, I would suggest that everyone (re-)read the excellent FAQ article summarising the issue. 

https://wiki.apache.org/tomcat/FAQ/Password

And/or, search the tomcat user's list archives about this topic, such as :
http://marc.info/?l=tomcat-user&w=2&r=1&s=encrypted+passwords&q=b



On 26.05.2017 09:39, Dhaval Jaiswal wrote:

I have the unix system.



On Fri, May 26, 2017 at 1:02 PM, Pesonen, Harri <harri.peso...@sap.com>
wrote:


It is possible to use Windows certificate store like this:

<Connector SSLEnabled="true" address="..." clientAuth="false"
keyAlias="..." keystoreFile="" keystoreType="Windows-My" maxThreads="150"
port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https" secure="true" sslEnabledProtocols="TLSv1" sslProtocol="TLS"/>

You have to enter keyAlias that matches the subject of the certificate in
Windows user's personal certificates. Then you don't need to enter password
at all.

-Harri

-----Original Message-----
From: John Palmer [mailto:johnpalm...@gmail.com]
Sent: 25. toukokuuta 2017 17:01
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: server.xml password encryption instead of plain text

I haven't tested it yet, but if you're on a Windows platform you MAY be
able to tell Tomcat to use the Windows Certificate Store (an thus NOT have
a password in server.xml) by adding something like this to the Java
Options:
-Djavax.net.ssl.trustStoreProvider=SunMSCAPI
-Djavax.net.ssl.trustStoreType=Windows-ROOT
-Djavax.net.ssl.trustStore=NONE
-Djavax.net.ssl.keyStoreProvider=SunMSCAPI
-Djavax.net.ssl.keyStoreType=Windows-MY
-Djavax.net.ssl.keyStore=NONE

.. and this may not work at all..


On Thu, May 25, 2017 at 7:46 AM, Vidyadhar <techienote....@gmail.com>
wrote:


On Thu, 25 May 2017 at 6:01 PM, Dhaval Jaiswal <dhaval.jais...@via.com>
wrote:


How can we avoid defining plain text password in server.xml​ or is

there

a

way i can encrypt the password in server.xml. ​


There are couple of examples on https://wiki.apache.org/
tomcat/FAQ/Password
--
Regards,
Vidyadhar



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org























					Reply via email to