Re: Tomcat on Windows : new keystore possibilities

2024-04-08 Thread david w
I understand, but I am not looking for troubleshooting; I am trying to raise 
awareness of the new SunMSCAPI capabilities.
I'm testing using the private key in the Windows machine store to simplify TLS 
implementation.
For this it requires local admin rights, but I am also looking at how to not need 
this...

David Wooffindin

From: Bill Stewart 
Sent: Monday, April 8, 2024 5:36:47 PM
To: Tomcat Users List 
Subject: Re: Tomcat on Windows : new keystore possibilities

On Mon, Apr 8, 2024 at 8:27 AM david w wrote:

> If you can share a way for this to not be necessary, I'm all ears...
>

I can read computer certificates from non-privileged accounts on Windows.
(How would a user application such as a browser work otherwise?)

I'm not sure what's different on your system or why you think a privileged
account is required.

In any case, this would not be a Tomcat-specific issue but rather some kind
of configuration issue. (What I am saying is that troubleshooting this
issue on your machine is really outside the scope of this specific mailing
list.)

I would repeat my recommendation not to run a web server of any kind
(Tomcat or otherwise) using a privileged account.

Bill


Re: Tomcat on Windows : new keystore possibilities

2024-04-08 Thread Bill Stewart
On Mon, Apr 8, 2024 at 8:27 AM david w wrote:

> If you can share a way for this to not be necessary, I'm all ears...
>

I can read computer certificates from non-privileged accounts on Windows.
(How would a user application such as a browser work otherwise?)

I'm not sure what's different on your system or why you think a privileged
account is required.

In any case, this would not be a Tomcat-specific issue but rather some kind
of configuration issue. (What I am saying is that troubleshooting this
issue on your machine is really outside the scope of this specific mailing
list.)

I would repeat my recommendation not to run a web server of any kind
(Tomcat or otherwise) using a privileged account.

Bill


Re: Tomcat on Windows : new keystore possibilities

2024-04-08 Thread david w
If you can share a way for this to not be necessary, I'm all ears...

David Wooffindin

From: Bill Stewart 
Sent: Monday, April 8, 2024 4:22:37 PM
To: Tomcat Users List 
Subject: Re: Tomcat on Windows : new keystore possibilities

On Mon, Apr 8, 2024 at 3:49 AM david w wrote:

> The account running the Tomcat Windows Service needs local Administrator
> rights to be able to reference these certificate stores.
>

Fortunately, this statement is not correct.

I would definitely not recommend running the Tomcat service using a
privileged account.

Bill


Re: Tomcat on Windows : new keystore possibilities

2024-04-08 Thread Bill Stewart
On Mon, Apr 8, 2024 at 3:49 AM david w wrote:

> The account running the Tomcat Windows Service needs local Administrator
> rights to be able to reference these certificate stores.
>

Fortunately, this statement is not correct.

I would definitely not recommend running the Tomcat service using a
privileged account.

Bill