tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Need to Specify keystorePass on Command Line
Date Tue, 12 Feb 2013 22:53:11 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Jeffrey,

On 2/12/13 9:40 AM, Harris, Jeffrey E. wrote:
> Tomcat will host a web-app that will connect as a proxy to another 
> organization's system to retrieve data that we will use in our 
> applications.  It is the other organization that is mandating the
> "no password" requirement, and there is no other option than to use
> their data.  Our customer requires that the Tomcat server be up
> 24/7 (with minor outages), hence the need to design a solution that
> satisfies the requirements of both our customer, and the other
> organization. Obviously, if we cannot create a way to automate the
> process, we may have to do something akin to what you do above.
> 
> However, when I run Tomcat from the console, I am never prompted
> for the password.  Instead, Tomcat just fails to start the listener
> on the specified SSL port.

What you describe is simply not possible: the password must be
available in order to unlock the keystore. If you need unattended
restarts, you'll need to have the password stored somewhere.

If you had read the FAQ entry Chuck posted, you would know that you
can specify passwords in an "obfuscated" format -- that is, the actual
password does not appear in clear-text in server.xml.

If you need to specify it on the command-line, then someone needs to
be there to type-in the command. If you want it on the command-line,
but you are going to put the command-line into the registry (as part
of the service-start definition), then you have violated your own
requirements (mentioned earlier that you can't store anything in the
registry).

If the command-line strategy will really work for you (and I really
think it won't, unless you are doing remote-scripted-restarts of your
services, which I didn't actually know you could do on Windows), then
reading the FAQ will present an answer to you (hint: it's the last
option that talks about using a PropertySource). If you still can't
figure it out, then please hire a consultant to do it for you.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEAREIAAYFAlEax9cACgkQ9CaO5/Lv0PBwMgCfQXgupsz7Fmy/9WK4eTZB+9bM
O2AAn3/2R1xj7wWbdUheBFu9x3qgdcS9
=01vv
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message