TC 3.3.x had an optional module to do this. It never got ported. I generally agree with most of the people that say that this is the least of your problems. If you are usings a self-signed cert, then you are just getting what you deserve. Otherwise, you simply contact the CA and revoke the cert: At least this problem solved :). Now, how to deal with the fact that the hacker just uploaded 10,000 credit-card numbers, since my jdbc password was in the clear :).
"Dickson Lam (dilam)" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hi, I am using Tomcat 5.5.16 window version. When I configure Tomcat to use SSL, I need to put the "keystorePass" password on the Tomcat server.xml file which is in plain text format. Is it anyway I can hide the keystore password from the server.xml? or configure Tomcat to read in an encrypted "keystorePass" password and decrypted the password during startup? Regards Dickson --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]