tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harris, Jeffrey E." <>
Subject RE: Need to Specify keystorePass on Command Line - Update
Date Tue, 12 Feb 2013 23:34:52 GMT

> -----Original Message-----
> From: Christopher Schultz []
> Sent: Tuesday, February 12, 2013 6:00 PM
> To: Tomcat Users List
> Subject: Re: Need to Specify keystorePass on Command Line - Update
> Hash: SHA256
> Mark,
> On 2/12/13 4:27 AM, Mark Thomas wrote:
> > On 12/02/2013 00:53, Harris, Jeffrey E. wrote:
> >> Current status:
> >>
> >> I replaced keystorePass=<password> with
> >> 'keystorePass="${kspassword}"' in server.xml, and executed the
> >> command "tomcat7 //TS//Tomcat7 --JvmOptions=-Dkspassword=<password>"
> >> and have been able to start the SSL listener as a console
> >> application.
> >>
> >> However, I have not been able to do the same thing with the service,
> >> using "sc start Tomcat7 "--JvmOptions=-Dkspassword=<password>", or
> >> putting the parameter into the properties of the service entry in
> >> Windows Services Manager.
> >>
> >> I know Charles Caldarale said it could not be done with a service,
> >> but it is possible to pass parameters to a service, both using the
> >> Windows Services Manager, and via the sc command line utility.  I am
> >> just not sure what syntax Tomcat is expecting for parameters; I
> would
> >> think it would match the syntax of the tomcat command above, since
> >> that is basically what is being called, just with different
> >> parameters.
> >
> >
> Since OP is using "sc", there may be a problem there that you can't
> specify command-line parameters to a service.
> Obviously, adding the parameter to Windows Services Manager defeats the
> whole "must be on the command line, can't be in the registry"
> requirement.


The sc start command does allow command line parameters, but I think the syntax of how the
parameters are passed to the service executable is not compatible with what Tomcat is expecting.
 On my test server, I even used the SC command to create a service to start Tomcat by directly
executing java and the boot class file, and I could start SSL, but only by embedding the password
within a JvmOptions parameter before the java command, not after it (which the java executable
syntax requires.

The reason I am focusing on sc is that I CAN store the private key on a different system,
and set up a scheduled task on that system to check the status of the Tomcat service on the
target system, and restart the service remotely (such as after a reboot).  The sc command
has a server parameter so it can work remotely between servers (with the appropriate permissions,
of course).

I am also looking at Andre's idea of using Apache as a proxy for Tomcat (I presume using AJP13),
and avoiding the need for SSL on Tomcat.  I talked to my developer about it, and he thinks
that the Webapp can still communicate with the remote service if the Apache server does the
PKI authentication with the remote system, and handles the SSL.

Finally, I asked my developer to look at your idea of a property source.

Jeffrey Harris

This e-mail and any attachments are intended only for the use of the addressee(s) named herein
and may contain proprietary information. If you are not the intended recipient of this e-mail
or believe that you received this email in error, please take immediate action to notify the
sender of the apparent error by reply e-mail; permanently delete the e-mail and any attachments
from your computer; and do not disseminate, distribute, use, or copy this message and any

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message