On Tue, 15 Oct 2024 17:59:52 GMT, rebarbora-mckvak <d...@openjdk.org> wrote:

>> This fixes the defect described at 
>> https://bugs.openjdk.org/browse/JDK-8313367
>> 
>> If the process does not have write permissions, the store is opened as 
>> read-only (instead of failing).
>> 
>> Please note that permissions to use a certificate in a local machine store 
>> must be granted - in a management console, select a certificate, right-click 
>> -> All tasks... -> Manage Private Keys... -> add Full control to user.
>
> rebarbora-mckvak has updated the pull request incrementally with one 
> additional commit since the last revision:
> 
>   copyright fixed

Any news on this issue? I would like to use certificates from the Windows cert 
store for our Tomcat servers, because these will get automatically renewed by 
AD cert templates.

The problem is: it currently works only when the Tomcat server is running as 
LocalSystem.

<Certificate certificateKeystoreType="Windows-MY-LOCALMACHINE"
                         certificateKeystoreFile=""
                         certificateKeyAlias="cert-alias"
                         protocols="TLSv1.2,TLSv1.3"
                         />

I need a solution which works with a gMSA - without admin rights.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/16687#issuecomment-2443610090
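
A diagnostic for the setup discussed in this thread, added here as an example (it is not code from the pull request or from the commenter): run under the service account, it reports whether the Windows-MY-LOCALMACHINE store loads, whether the alias is visible, and whether the private key can actually sign. The class name LocalMachineStoreCheck is hypothetical, the default alias is the one from the Tomcat snippet above, and it assumes Windows with a JDK whose SunMSCAPI provider offers this store type.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;

// Hypothetical helper class, not part of the JDK or of the pull request.
public class LocalMachineStoreCheck {
    public static void main(String[] args) throws Exception {
        // Default alias is the value from the Tomcat <Certificate> element above.
        String alias = args.length > 0 ? args[0] : "cert-alias";

        // The store is the OS certificate store: no file and no password.
        KeyStore ks = KeyStore.getInstance("Windows-MY-LOCALMACHINE");
        ks.load(null, null);

        if (!ks.containsAlias(alias)) {
            System.out.println("alias not visible to this account: " + alias);
            return;
        }
        Certificate cert = ks.getCertificate(alias);
        System.out.println("certificate type: " + cert.getType());
        System.out.println("isKeyEntry: " + ks.isKeyEntry(alias));

        Key key = ks.getKey(alias, null);
        if (!(key instanceof PrivateKey)) {
            System.out.println("no private key handle; check 'Manage Private Keys...' for this account");
            return;
        }

        // A key handle alone proves little: a test signature exercises the
        // access control on the private key itself.
        String sigAlg = "RSA".equals(key.getAlgorithm()) ? "SHA256withRSA" : "SHA256withECDSA";
        try {
            Signature s = Signature.getInstance(sigAlg);
            s.initSign((PrivateKey) key);
            s.update("probe".getBytes(StandardCharsets.UTF_8));
            s.sign();
            System.out.println("private key usable by " + System.getProperty("user.name"));
        } catch (Exception e) {
            System.out.println("private key not usable: " + e);
        }
    }
}
```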
