On 8/14/2014 10:33 AM, Mark Thomas wrote:
> On 14/08/2014 15:10, George Sexton wrote:
>> On 8/4/2014 8:17 AM, André Warnier wrote:
>>> Sanaullah wrote:
>>>> Hi,
>>>> is there a way I can replace plain JKS keystore password with encrypted
>>>> password in tomcat server.xml?
>>> This kind of question comes regularly on this list, I would say 2 or 3
>>> times each year.
>>> Searching the list archives (mentioned in the superb on-line Tomcat
>>> documentation) would provide a number of discussions on the topic.
>>> The basic answer is no, because then Tomcat would need to be able to
>>> decrypt it; and to do that, it would need to know a decryption key;
>>> and to know that, this decryption key would need to be stored
>>> somewhere; loop to the beginning of this paragraph.
>> Can you help me understand why tomcat doesn't take the approach of
>> Apache httpd which is to ask the user for the decryption key at startup
>> time?
> Because it is largely a waste of time. Anyone with root on the box can
> do a heap dump and retrieve the actual key or the password used to

Can this be done remotely? Or does it require local access?

> protect the key. Much simpler just to not bother with a password and
> configure the key file so only root and the Tomcat user can read it.
> Same ends, simpler means.
> Mark
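An added example, not part of the thread: one way to check the file-permission approach described above, that only root and the Tomcat user can read the key file. The function name `audit_key_file`, the account name `tomcat` and the command-line usage are assumptions for illustration.

```python
import os
import stat

def audit_key_file(path, allowed_uids, allowed_gids=frozenset()):
    """Return a list of findings; an empty list means the mode bits limit
    access to the allowed accounts. POSIX ACLs are not inspected."""
    findings = []
    st = os.stat(path)  # follows symlinks, so the real key file is checked
    mode = stat.S_IMODE(st.st_mode)
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid not in allowed_uids:
        findings.append(f"owner uid {st.st_uid} is not an allowed account")
    if mode & stat.S_IRWXO:
        findings.append(f"other users have access (mode {mode:04o})")
    if mode & stat.S_IRWXG and st.st_gid not in allowed_gids:
        findings.append(f"group gid {st.st_gid} has access (mode {mode:04o})")

    # A directory that other accounts can write to lets them swap the key
    # file for one of their own, even if the file itself is locked down.
    # Only the immediate parent is checked here; ancestors deserve the same.
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    pmode = stat.S_IMODE(pst.st_mode)
    loose = (pmode & stat.S_IWOTH) or (
        pmode & stat.S_IWGRP and pst.st_gid not in allowed_gids)
    if pst.st_uid not in allowed_uids or loose:
        findings.append(f"parent directory {parent} can be modified by other accounts")
    return findings

if __name__ == "__main__":
    import pwd
    import sys
    # Assumed: key file path given as argv[1], service account named "tomcat".
    tomcat = pwd.getpwnam("tomcat")
    for finding in audit_key_file(sys.argv[1], {0, tomcat.pw_uid}, {tomcat.pw_gid}):
        print("FINDING:", finding)
```

A key file owned by root with the Tomcat group and mode 0640, or owned by the Tomcat user with mode 0600, passes with no findings.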