Re: Tomcat on Windows : new keystore possibilities

2024-04-08 Thread david w
I understand, but am not looking for troubleshooting but trying to raise 
awareness of the new sunmscapi capabilities.
I'm testing using the private key in the windows machine store to simplify tls 
implementation.
For this it requires local admin rights but I am also looking how to not need 
this...

David Wooffindin

From: Bill Stewart 
Sent: Monday, April 8, 2024 5:36:47 PM
To: Tomcat Users List 
Subject: Re: Tomcat on Windows : new keystore possibilities

On Mon, Apr 8, 2024 at 8:27 AM david w wrote:

If you can share a way for this to not be necessary, I'm all ears...
>

I can read computer certificates from non-privileged accounts on Windows.
(How would a user application such as a browser work otherwise?)

I'm not sure what's different on your system or why you think a privileged
account is required.

In any case, this would not be a Tomcat-specific issue but rather some kind
of configuration issue. (What I am saying is that troubleshooting this
issue on your machine is really outside the scope of this specific mailing
list.)

I would repeat my recommendation not to run a web server of any kind
(Tomcat or otherwise) using a privileged account.

Bill


Re: Tomcat on Windows : new keystore possibilities

2024-04-08 Thread Bill Stewart
On Mon, Apr 8, 2024 at 8:27 AM david w wrote:

If you can share a way for this to not be necessary, I'm all ears...
>

I can read computer certificates from non-privileged accounts on Windows.
(How would a user application such as a browser work otherwise?)

I'm not sure what's different on your system or why you think a privileged
account is required.

In any case, this would not be a Tomcat-specific issue but rather some kind
of configuration issue. (What I am saying is that troubleshooting this
issue on your machine is really outside the scope of this specific mailing
list.)

I would repeat my recommendation not to run a web server of any kind
(Tomcat or otherwise) using a privileged account.

Bill


Re: Tomcat on Windows : new keystore possibilities

2024-04-08 Thread david w
If you can share a way for this to not be necessary, I'm all ears...😁

David Wooffindin

From: Bill Stewart 
Sent: Monday, April 8, 2024 4:22:37 PM
To: Tomcat Users List 
Subject: Re: Tomcat on Windows : new keystore possibilities

On Mon, Apr 8, 2024 at 3:49 AM david w wrote:

The account running the Tomcat Windows Service needs local Administrator
> rights to be able to refernce these certificate stores.
>

Fortunately, this statement is not correct.

I would definitely not recommend running the Tomcat service using a
privileged account.

Bill


Re: Tomcat on Windows : new keystore possibilities

2024-04-08 Thread Bill Stewart
On Mon, Apr 8, 2024 at 3:49 AM david w wrote:

The account running the Tomcat Windows Service needs local Administrator
> rights to be able to refernce these certificate stores.
>

Fortunately, this statement is not correct.

I would definitely not recommend running the Tomcat service using a
privileged account.

Bill