Hello Alex,
I usually remove the password on the p12 file via openssl.
Protecting with password and writing the password in clear text somewhere 
doesn't improve security much I think.
Dunno if this is a possible way to go for you.
Von: a.grub...@bluewin.ch <a.grub...@bluewin.ch>
Gesendet: Dienstag, 17. Januar 2023 21:01:00
An: 'Tomcat Users List'
Betreff: AW: Password in Tomcat 9.x

Hoi Thomas

Received also from Mark an email where he requested an example of the
web.xml. Will provide you this tomorrow. Below is what I wrote him.


Hi Mark

I will provide a config example tomorrow. Let you know the details.

I have them on the other machine.

In general it is like that - we have a webserver certificate (p12), which we
use to have the https protocol. The certificate comes together with a
p12.pwd file and this password of the certificate is stored in the web.xml.
I want now to remove this password by configuring just the path to this

In case someone renew the certificate, the restart of tomcat can be done
anytime as always the correct password is used.


-----Urspr√ľngliche Nachricht-----
Von: Thomas Hoffmann (Speed4Trade GmbH)
Gesendet: Dienstag, 17. Januar 2023 19:19
An: Tomcat Users List <users@tomcat.apache.org>
Betreff: AW: Password in Tomcat 9.x

Hello Alex,
I am not sure what your goal is.
Webserver certificate (with private key) is used for encryption / ssl / tls.
Password is used for user authentication and in web.xml you only specify the
auth method, not any passwords. Or do you plan auth with client

Greetings, Thomas
Von: a.grub...@bluewin.ch <a.grub...@bluewin.ch>
Gesendet: Dienstag, 17. Januar 2023 18:34:15
An: users@tomcat.apache.org
Betreff: Password in Tomcat 9.x

Hello together

I would like to understand, when implementing passwords into web.xml, then I
would like NOT to implement a password, I want to include the path to a
certificate (p12.pwd). I want to basically avoid, changing all the time the
password, when I renew my webserver certificate in the configuration.

Which version of Tomcat 9.x is able to do this? Will it be for seen, that
9.x can do this?

If no 9.x can do, which other Tomcat can do this?

Thank you

Alexander Grubner

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to