Re: [OT] server.xml password encryption instead of plain text

2017-05-26 Thread Christopher Schultz

Harri,

On 5/26/17 3:32 AM, Pesonen, Harri wrote:
> It is possible to use Windows certificate store like this:
> 
>  keyAlias="..." keystoreFile="" keystoreType="Windows-My"
> maxThreads="150" port="8443"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> scheme="https" secure="true" sslEnabledProtocols="TLSv1"
> sslProtocol="TLS"/>
> 
> You have to enter keyAlias that matches the subject of the
> certificate in Windows user's personal certificates. Then you don't
> need to enter password at all.

Interesting... I had never known that Java supported some OS-specific
keystore types.

https://stackoverflow.com/a/11540061/276232

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
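
As an added example (not part of the original thread and not Tomcat's own code): a small Java check that lists the aliases the JVM sees in the Windows-MY store that Harri's connector configuration refers to, and reports whether a given keyAlias has a private key attached. The class name and the command-line argument are hypothetical; run it under the same Windows account that Tomcat runs as, since Windows-MY is that user's personal certificate store.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical helper: java ListWindowsMyAliases [keyAlias]
public class ListWindowsMyAliases {
    public static void main(String[] args) throws Exception {
        // The Windows-MY keystore type comes from the SunMSCAPI provider,
        // which exists only in Windows builds of the JDK.
        String os = System.getProperty("os.name", "").toLowerCase();
        if (!os.startsWith("windows")) {
            System.err.println("Windows-MY requires a Windows JVM (SunMSCAPI).");
            System.exit(2);
        }
        String wanted = args.length > 0 ? args[0] : null;

        // No keystore file and no password: the OS store is opened with the
        // credentials of the account running this JVM.
        KeyStore ks = KeyStore.getInstance("Windows-MY");
        ks.load(null, null);

        boolean usable = false;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            String subject = "(not X.509)";
            String notAfter = "";
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                subject = x509.getSubjectX500Principal().getName();
                notAfter = x509.getNotAfter().toString();
            }
            // A TLS server certificate is only usable if the entry also
            // carries its private key.
            boolean hasKey = ks.isKeyEntry(alias);
            System.out.printf("alias=%s | subject=%s | notAfter=%s | privateKey=%b%n",
                    alias, subject, notAfter, hasKey);
            if (alias.equals(wanted) && hasKey) {
                usable = true;
            }
        }
        if (wanted != null) {
            System.out.println(usable
                    ? "keyAlias '" + wanted + "' found with a private key"
                    : "keyAlias '" + wanted + "' not found, or it has no private key");
            System.exit(usable ? 0 : 1);
        }
    }
}
```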



Re: server.xml password encryption instead of plain text

2017-05-26 Thread tomcat

Hi.
Rather than spending a lot of time (again) on this issue, I would suggest that everyone 
(re-)read the excellent FAQ article summarising the issue.


https://wiki.apache.org/tomcat/FAQ/Password

And/or, search the tomcat user's list archives about this topic, such as :
http://marc.info/?l=tomcat-user=2=1=encrypted+passwords=b



On 26.05.2017 09:39, Dhaval Jaiswal wrote:

I have the unix system.



On Fri, May 26, 2017 at 1:02 PM, Pesonen, Harri <harri.peso...@sap.com>
wrote:


It is possible to use Windows certificate store like this:



You have to enter keyAlias that matches the subject of the certificate in
Windows user's personal certificates. Then you don't need to enter password
at all.

-Harri

-Original Message-
From: John Palmer [mailto:johnpalm...@gmail.com]
Sent: 25. toukokuuta 2017 17:01
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: server.xml password encryption instead of plain text

I haven't tested it yet, but if you're on a Windows platform you MAY be
able to tell Tomcat to use the Windows Certificate Store (and thus NOT have
a password in server.xml) by adding something like this to the Java
Options:
-Djavax.net.ssl.trustStoreProvider=SunMSCAPI
-Djavax.net.ssl.trustStoreType=Windows-ROOT
-Djavax.net.ssl.trustStore=NONE
-Djavax.net.ssl.keyStoreProvider=SunMSCAPI
-Djavax.net.ssl.keyStoreType=Windows-MY
-Djavax.net.ssl.keyStore=NONE

.. and this may not work at all..


On Thu, May 25, 2017 at 7:46 AM, Vidyadhar <techienote@gmail.com>
wrote:


On Thu, 25 May 2017 at 6:01 PM, Dhaval Jaiswal <dhaval.jais...@via.com>
wrote:


How can we avoid defining plain text password in server.xml or is there a
way I can encrypt the password in server.xml.


There are a couple of examples on https://wiki.apache.org/tomcat/FAQ/Password
--
Regards,
Vidyadhar






Re: server.xml password encryption instead of plain text

2017-05-26 Thread Dhaval Jaiswal
I have the unix system.



On Fri, May 26, 2017 at 1:02 PM, Pesonen, Harri <harri.peso...@sap.com>
wrote:

> It is possible to use Windows certificate store like this:
>
>  keyAlias="..." keystoreFile="" keystoreType="Windows-My" maxThreads="150"
> port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
> scheme="https" secure="true" sslEnabledProtocols="TLSv1" sslProtocol="TLS"/>
>
> You have to enter keyAlias that matches the subject of the certificate in
> Windows user's personal certificates. Then you don't need to enter password
> at all.
>
> -Harri
>
> -Original Message-
> From: John Palmer [mailto:johnpalm...@gmail.com]
> Sent: 25. toukokuuta 2017 17:01
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: server.xml password encryption instead of plain text
>
> I haven't tested it yet, but if you're on a Windows platform you MAY be
> able to tell Tomcat to use the Windows Certificate Store (and thus NOT have
> a password in server.xml) by adding something like this to the Java
> Options:
> -Djavax.net.ssl.trustStoreProvider=SunMSCAPI
> -Djavax.net.ssl.trustStoreType=Windows-ROOT
> -Djavax.net.ssl.trustStore=NONE
> -Djavax.net.ssl.keyStoreProvider=SunMSCAPI
> -Djavax.net.ssl.keyStoreType=Windows-MY
> -Djavax.net.ssl.keyStore=NONE
>
> .. and this may not work at all..
>
>
> On Thu, May 25, 2017 at 7:46 AM, Vidyadhar <techienote@gmail.com>
> wrote:
>
> > On Thu, 25 May 2017 at 6:01 PM, Dhaval Jaiswal <dhaval.jais...@via.com>
> > wrote:
> >
> > > How can we avoid defining plain text password in server.xml or is there a
> > > way I can encrypt the password in server.xml.
> > >
> > There are a couple of examples on https://wiki.apache.org/tomcat/FAQ/Password
> > --
> > Regards,
> > Vidyadhar
> >
>
>
>


RE: server.xml password encryption instead of plain text

2017-05-26 Thread Pesonen, Harri
It is possible to use Windows certificate store like this:



You have to enter keyAlias that matches the subject of the certificate in 
Windows user's personal certificates. Then you don't need to enter password at 
all.

-Harri

-Original Message-
From: John Palmer [mailto:johnpalm...@gmail.com] 
Sent: 25. toukokuuta 2017 17:01
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: server.xml password encryption instead of plain text

I haven't tested it yet, but if you're on a Windows platform you MAY be
able to tell Tomcat to use the Windows Certificate Store (and thus NOT have
a password in server.xml) by adding something like this to the Java Options:
-Djavax.net.ssl.trustStoreProvider=SunMSCAPI
-Djavax.net.ssl.trustStoreType=Windows-ROOT
-Djavax.net.ssl.trustStore=NONE
-Djavax.net.ssl.keyStoreProvider=SunMSCAPI
-Djavax.net.ssl.keyStoreType=Windows-MY
-Djavax.net.ssl.keyStore=NONE

.. and this may not work at all..


On Thu, May 25, 2017 at 7:46 AM, Vidyadhar <techienote@gmail.com> wrote:

> On Thu, 25 May 2017 at 6:01 PM, Dhaval Jaiswal <dhaval.jais...@via.com>
> wrote:
>
> > How can we avoid defining plain text password in server.xml or is there a
> > way I can encrypt the password in server.xml.
> >
> There are a couple of examples on https://wiki.apache.org/tomcat/FAQ/Password
> --
> Regards,
> Vidyadhar
>




Re: server.xml password encryption instead of plain text

2017-05-25 Thread Christopher Schultz

John,

On 5/25/17 10:00 AM, John Palmer wrote:
> On Thu, May 25, 2017 at 7:46 AM, Vidyadhar
>  wrote:
> 
>> On Thu, 25 May 2017 at 6:01 PM, Dhaval Jaiswal
>>  wrote:
>> 
>>> How can we avoid defining plain text password in server.xml or
>>> is there a way I can encrypt the password in server.xml.
>>>
>> There are a couple of examples on https://wiki.apache.org/tomcat/FAQ/Password

> I haven't tested it yet, but if you're on a Windows platform you
> MAY be able to tell Tomcat to use the Windows Certificate Store (and
> thus NOT have a password in server.xml) by adding something like
> this to the Java Options:
> -Djavax.net.ssl.trustStoreProvider=SunMSCAPI 
> -Djavax.net.ssl.trustStoreType=Windows-ROOT 
> -Djavax.net.ssl.trustStore=NONE 
> -Djavax.net.ssl.keyStoreProvider=SunMSCAPI 
> -Djavax.net.ssl.keyStoreType=Windows-MY 
> -Djavax.net.ssl.keyStore=NONE
> 
> .. and this may not work at all..
> 

This will in fact not work at all.

-chris




Re: server.xml password encryption instead of plain text

2017-05-25 Thread John Palmer
I haven't tested it yet, but if you're on a Windows platform you MAY be
able to tell Tomcat to use the Windows Certificate Store (and thus NOT have
a password in server.xml) by adding something like this to the Java Options:
-Djavax.net.ssl.trustStoreProvider=SunMSCAPI
-Djavax.net.ssl.trustStoreType=Windows-ROOT
-Djavax.net.ssl.trustStore=NONE
-Djavax.net.ssl.keyStoreProvider=SunMSCAPI
-Djavax.net.ssl.keyStoreType=Windows-MY
-Djavax.net.ssl.keyStore=NONE

.. and this may not work at all..


On Thu, May 25, 2017 at 7:46 AM, Vidyadhar  wrote:

> On Thu, 25 May 2017 at 6:01 PM, Dhaval Jaiswal 
> wrote:
>
> > How can we avoid defining plain text password in server.xml or is there a
> > way I can encrypt the password in server.xml.
> >
> There are a couple of examples on https://wiki.apache.org/tomcat/FAQ/Password
> --
> Regards,
> Vidyadhar
>


Re: server.xml password encryption instead of plain text

2017-05-25 Thread Vidyadhar
On Thu, 25 May 2017 at 6:01 PM, Dhaval Jaiswal 
wrote:

> How can we avoid defining plain text password in server.xml or is there a
> way I can encrypt the password in server.xml.
>
There are a couple of examples on https://wiki.apache.org/tomcat/FAQ/Password
-- 
Regards,
Vidyadhar


server.xml password encryption instead of plain text

2017-05-25 Thread Dhaval Jaiswal
How can we avoid defining plain text password in server.xml or is there a
way I can encrypt the password in server.xml.