Re: [OT] server.xml password encryption instead of plain text
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Harri, On 5/26/17 3:32 AM, Pesonen, Harri wrote: > It is possible to use Windows certificate store like this: > > keyAlias="..." keystoreFile="" keystoreType="Windows-My" > maxThreads="150" port="8443" > protocol="org.apache.coyote.http11.Http11NioProtocol" > scheme="https" secure="true" sslEnabledProtocols="TLSv1" > sslProtocol="TLS"/> > > You have to enter keyAlias that matches the subject of the > certificate in Windows user's personal certificates. Then you don't > need to enter password at all. Interesting... I had never known that Java supported some OS-specific keystore types. https://stackoverflow.com/a/11540061/276232 - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlkokDoACgkQHPApP6U8 pFi/XQ/+M2NSIEJMRD8pzLs0hH8I6e7dvYHknh0D5sYQ1XrprccUhYFQ9x3zsbzq W2lH/gC4UQuGOLoooL0NeI+l1moxKLJCjActC1mBDbCmNZzODRJSparU7m5G/Qta v+lD2+SXxvIDD1d0gvGUwiYczboJQzUp1Hb12P9c5VRpVfzxzJHJyXgX3rv1Y4sV Ay+yxnUvB8kdceaZyGoFRDneJAGNSXBUI7mkLTyjELixXGWWt4EED21rEFimS+Wt uzSra4suk5b5TdhfYSvXWGVrbV6ACk0ySrUC/J0CL9ZsqPX5ZdVY8ykV4UAH9QxE kKzk9Czh8hmXNaQkKFuEoyTP8wmMFohracgvIzplDEudK8cdgtYujChGb8I7UFtL EAgTrHHpJ3TBBue5/CDygq+LpObMxB0OvzS0vAstZrlcMsPYH2ZxBNNv7mjn0pVm ES5Gs+Wt7BHqNLPocaIAWahg6MdV4BdVWQ/Cctfqq77EnLLNXanyRan0KCjk8tQa rZN2krXRl++xxsvajfyCdlpGLo3qAAwAf2aeQnV3PR9kKhe7298kNchrc5OO/KlH l/6R/Ez+VTbW4NB/LVXuBbA5cQQGcaryodM8ZBakWw6uDF2EE+Ibu8ZRxyfW4d9U KazBFgZTa5C3iUuKuCSXhl45MNbR0sVJkzzRuIoo0tgwqOpNju8= =bQhr -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: server.xml password encryption instead of plain text
Hi. Rather than spending a lot of time (again) on this issue, I would suggest that everyone (re-)read the excellent FAQ article summarising the issue. https://wiki.apache.org/tomcat/FAQ/Password And/or, search the tomcat user's list archives about this topic, such as : http://marc.info/?l=tomcat-user=2=1=encrypted+passwords=b On 26.05.2017 09:39, Dhaval Jaiswal wrote: I have the unix system. On Fri, May 26, 2017 at 1:02 PM, Pesonen, Harri <harri.peso...@sap.com> wrote: It is possible to use Windows certificate store like this: You have to enter keyAlias that matches the subject of the certificate in Windows user's personal certificates. Then you don't need to enter password at all. -Harri -Original Message- From: John Palmer [mailto:johnpalm...@gmail.com] Sent: 25. toukokuuta 2017 17:01 To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: server.xml password encryption instead of plain text I haven't tested it yet, but if you're on a Windows platform you MAY be able to tell Tomcat to use the Windows Certificate Store (an thus NOT have a password in server.xml) by adding something like this to the Java Options: -Djavax.net.ssl.trustStoreProvider=SunMSCAPI -Djavax.net.ssl.trustStoreType=Windows-ROOT -Djavax.net.ssl.trustStore=NONE -Djavax.net.ssl.keyStoreProvider=SunMSCAPI -Djavax.net.ssl.keyStoreType=Windows-MY -Djavax.net.ssl.keyStore=NONE .. and this may not work at all.. On Thu, May 25, 2017 at 7:46 AM, Vidyadhar <techienote@gmail.com> wrote: On Thu, 25 May 2017 at 6:01 PM, Dhaval Jaiswal <dhaval.jais...@via.com> wrote: How can we avoid defining plain text password in server.xml or is there a way i can encrypt the password in server.xml. There are couple of examples on https://wiki.apache.org/ tomcat/FAQ/Password -- Regards, Vidyadhar - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: server.xml password encryption instead of plain text
I have the unix system. On Fri, May 26, 2017 at 1:02 PM, Pesonen, Harri <harri.peso...@sap.com> wrote: > It is possible to use Windows certificate store like this: > > keyAlias="..." keystoreFile="" keystoreType="Windows-My" maxThreads="150" > port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" > scheme="https" secure="true" sslEnabledProtocols="TLSv1" sslProtocol="TLS"/> > > You have to enter keyAlias that matches the subject of the certificate in > Windows user's personal certificates. Then you don't need to enter password > at all. > > -Harri > > -Original Message- > From: John Palmer [mailto:johnpalm...@gmail.com] > Sent: 25. toukokuuta 2017 17:01 > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: server.xml password encryption instead of plain text > > I haven't tested it yet, but if you're on a Windows platform you MAY be > able to tell Tomcat to use the Windows Certificate Store (an thus NOT have > a password in server.xml) by adding something like this to the Java > Options: > -Djavax.net.ssl.trustStoreProvider=SunMSCAPI > -Djavax.net.ssl.trustStoreType=Windows-ROOT > -Djavax.net.ssl.trustStore=NONE > -Djavax.net.ssl.keyStoreProvider=SunMSCAPI > -Djavax.net.ssl.keyStoreType=Windows-MY > -Djavax.net.ssl.keyStore=NONE > > .. and this may not work at all.. > > > On Thu, May 25, 2017 at 7:46 AM, Vidyadhar <techienote@gmail.com> > wrote: > > > On Thu, 25 May 2017 at 6:01 PM, Dhaval Jaiswal <dhaval.jais...@via.com> > > wrote: > > > > > How can we avoid defining plain text password in server.xml or is > there > > a > > > way i can encrypt the password in server.xml. > > > > > There are couple of examples on https://wiki.apache.org/ > > tomcat/FAQ/Password > > -- > > Regards, > > Vidyadhar > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
RE: server.xml password encryption instead of plain text
It is possible to use Windows certificate store like this: You have to enter keyAlias that matches the subject of the certificate in Windows user's personal certificates. Then you don't need to enter password at all. -Harri -Original Message- From: John Palmer [mailto:johnpalm...@gmail.com] Sent: 25. toukokuuta 2017 17:01 To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: server.xml password encryption instead of plain text I haven't tested it yet, but if you're on a Windows platform you MAY be able to tell Tomcat to use the Windows Certificate Store (an thus NOT have a password in server.xml) by adding something like this to the Java Options: -Djavax.net.ssl.trustStoreProvider=SunMSCAPI -Djavax.net.ssl.trustStoreType=Windows-ROOT -Djavax.net.ssl.trustStore=NONE -Djavax.net.ssl.keyStoreProvider=SunMSCAPI -Djavax.net.ssl.keyStoreType=Windows-MY -Djavax.net.ssl.keyStore=NONE .. and this may not work at all.. On Thu, May 25, 2017 at 7:46 AM, Vidyadhar <techienote@gmail.com> wrote: > On Thu, 25 May 2017 at 6:01 PM, Dhaval Jaiswal <dhaval.jais...@via.com> > wrote: > > > How can we avoid defining plain text password in server.xml or is there > a > > way i can encrypt the password in server.xml. > > > There are couple of examples on https://wiki.apache.org/ > tomcat/FAQ/Password > -- > Regards, > Vidyadhar > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: server.xml password encryption instead of plain text
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 John, On 5/25/17 10:00 AM, John Palmer wrote: > On Thu, May 25, 2017 at 7:46 AM, Vidyadhar >wrote: > >> On Thu, 25 May 2017 at 6:01 PM, Dhaval Jaiswal >> wrote: >> >>> How can we avoid defining plain text password in server.xml or >>> is there >> a >>> way i can encrypt the password in server.xml. >>> >> There are couple of examples on https://wiki.apache.org/ >> tomcat/FAQ/Password > I haven't tested it yet, but if you're on a Windows platform you > MAY be able to tell Tomcat to use the Windows Certificate Store (an > thus NOT have > a password in server.xml) by adding something like this to the > Java Options: > -Djavax.net.ssl.trustStoreProvider=SunMSCAPI > -Djavax.net.ssl.trustStoreType=Windows-ROOT > -Djavax.net.ssl.trustStore=NONE > -Djavax.net.ssl.keyStoreProvider=SunMSCAPI > -Djavax.net.ssl.keyStoreType=Windows-MY > -Djavax.net.ssl.keyStore=NONE > > .. and this may not work at all.. > This will in fact not work at all. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJZJxzmAAoJEBzwKT+lPKRYKxYQALGS5K9nJIv+4iKCLDwRaB7D ClSjk5yjmeJXHXT38MCYVLGCpfzN3qA99CnxLKrdBMczPdM+M9NNS6+m7dubPt4b V4HZk3sqkwn15mpzr6CRn0v3pGukaCEoIvtomydLqWXcQeegEMSpyNh5K0TzctDB Ib5PMFYW59sI050Bih0bTSm1MQVJUPmNh77kLTbQZJwzhJV7lS9Ox20Tp2g5c92a EBGlAqZGMoa3aIhTLJKsbQuKOOT7W8Qe11d/2TpI7bVmfnjwcRpAGQm+PtvFdbB+ eQMgdHX/uDR1XXMJrYeAPBkhfi57/L+Vq7OJOig/W+IuCjSBy0CTP6lWN4Ai7Z14 QTVMdGFP4Oy6YUG3jT1LGzodAr8keD36qiI5q9ZDLRIJs0PxXJoBSg24YbSvPGyH IdHA8zA7lxMrjitAJ56bbfpFHV/Cf9LUeROjHFnHYEzQ6P17uj9zRtwVQgaz2Emj BLWPNkr4uRfsEayJkl+5n/UCZLTTCU8bVW4zOiIl/qWuLVkVEsTQ1R/SXmIGGP6A Qut3i4UDPHUOB6l39sFTM8msNZRF3qnKXCYg+xewyKaJMr/aVp0eKWreFbNRwOph 1bQdYEGK+oLypwK6xbAfXt/NmnkzHQnPAfCbgYsbNSkGuU8Vpv4jLKOo1Ojs/Oj2 jecH1wgBAbXqALKcWpl1 =OGZ9 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: server.xml password encryption instead of plain text
I haven't tested it yet, but if you're on a Windows platform you MAY be able to tell Tomcat to use the Windows Certificate Store (an thus NOT have a password in server.xml) by adding something like this to the Java Options: -Djavax.net.ssl.trustStoreProvider=SunMSCAPI -Djavax.net.ssl.trustStoreType=Windows-ROOT -Djavax.net.ssl.trustStore=NONE -Djavax.net.ssl.keyStoreProvider=SunMSCAPI -Djavax.net.ssl.keyStoreType=Windows-MY -Djavax.net.ssl.keyStore=NONE .. and this may not work at all.. On Thu, May 25, 2017 at 7:46 AM, Vidyadharwrote: > On Thu, 25 May 2017 at 6:01 PM, Dhaval Jaiswal > wrote: > > > How can we avoid defining plain text password in server.xml or is there > a > > way i can encrypt the password in server.xml. > > > There are couple of examples on https://wiki.apache.org/ > tomcat/FAQ/Password > -- > Regards, > Vidyadhar >
Re: server.xml password encryption instead of plain text
On Thu, 25 May 2017 at 6:01 PM, Dhaval Jaiswalwrote: > How can we avoid defining plain text password in server.xml or is there a > way i can encrypt the password in server.xml. > There are couple of examples on https://wiki.apache.org/tomcat/FAQ/Password -- Regards, Vidyadhar
server.xml password encryption instead of plain text
How can we avoid defining plain text password in server.xml or is there a way i can encrypt the password in server.xml.