It is possible to use the Windows certificate store like this:

<Connector SSLEnabled="true" address="..." clientAuth="false" keyAlias="..." 
keystoreFile="" keystoreType="Windows-My" maxThreads="150" port="8443" 
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" 
secure="true" sslEnabledProtocols="TLSv1" sslProtocol="TLS"/>

You have to enter a keyAlias that matches the subject of the certificate in the
Windows user's personal certificates. Then you don't need to enter a password at
all.

-Harri

-----Original Message-----
From: John Palmer [mailto:johnpalm...@gmail.com] 
Sent: 25 May 2017 17:01
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: server.xml password encryption instead of plain text

I haven't tested it yet, but if you're on a Windows platform you MAY be
able to tell Tomcat to use the Windows Certificate Store (and thus NOT have
a password in server.xml) by adding something like this to the Java Options:
-Djavax.net.ssl.trustStoreProvider=SunMSCAPI
-Djavax.net.ssl.trustStoreType=Windows-ROOT
-Djavax.net.ssl.trustStore=NONE
-Djavax.net.ssl.keyStoreProvider=SunMSCAPI
-Djavax.net.ssl.keyStoreType=Windows-MY
-Djavax.net.ssl.keyStore=NONE

.. and this may not work at all..


On Thu, May 25, 2017 at 7:46 AM, Vidyadhar <techienote....@gmail.com> wrote:

> On Thu, 25 May 2017 at 6:01 PM, Dhaval Jaiswal <dhaval.jais...@via.com>
> wrote:
>
> > How can we avoid defining plain text password in server.xml or is there a
> > way I can encrypt the password in server.xml.
> >
> There are a couple of examples on https://wiki.apache.org/tomcat/FAQ/Password
> --
> Regards,
> Vidyadhar
>
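
An added example, not part of the original thread and not Tomcat's own code: a pre-flight check that opens the Windows-MY store through SunMSCAPI, as both replies above propose, and prints each alias exactly as the JVM exposes it, so the keyAlias in the Connector can be copied rather than guessed. The class name WindowsMyAliasCheck and the optional alias argument are assumptions made for this example; it needs a Windows JDK and should be run under the account Tomcat runs as, because Windows-MY is that user's personal store.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name): checks which Windows-MY entries
// a JVM running as the current user could use as a TLS server key.
public class WindowsMyAliasCheck {

    /** Returns null when the entry is usable as a server key, else the reason it is not. */
    static String problemWith(KeyStore ks, String alias) throws Exception {
        if (!ks.containsAlias(alias)) return "no such alias in this user's store";
        if (!ks.isKeyEntry(alias)) return "certificate only, no private key";
        // The password argument is null: the store is protected by the Windows account.
        if (ks.getKey(alias, null) == null) return "private key not accessible";
        if (!(ks.getCertificate(alias) instanceof X509Certificate)) return "not an X.509 certificate";
        try {
            ((X509Certificate) ks.getCertificate(alias)).checkValidity();
        } catch (CertificateException e) {
            return "outside validity period: " + e.getMessage();
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // No keystore file and no password are involved when loading this store type.
        KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
        ks.load(null, null);

        for (String alias : Collections.list(ks.aliases())) {
            String problem = problemWith(ks, alias);
            String subject = ks.getCertificate(alias) instanceof X509Certificate
                    ? ((X509Certificate) ks.getCertificate(alias)).getSubjectX500Principal().getName()
                    : "(non-X.509)";
            System.out.printf("%-30s %s  [%s]%n", alias, subject, problem == null ? "usable" : problem);
        }

        // Optional argument: the alias intended for keyAlias; exit non-zero if it is unusable.
        if (args.length == 1) {
            String problem = problemWith(ks, args[0]);
            if (problem != null) {
                System.err.println("keyAlias \"" + args[0] + "\": " + problem);
                System.exit(1);
            }
        }
    }
}
```

If the intended alias is reported as missing here but is visible in the certificate manager of an interactive login, the service account and the interactive account are most likely different users with different personal stores.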
