Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 0DB7C200C81 for ; Fri, 26 May 2017 22:29:53 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 0C607160BC7; Fri, 26 May 2017 20:29:53 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 528FD160B9C for ; Fri, 26 May 2017 22:29:52 +0200 (CEST) Received: (qmail 10708 invoked by uid 500); 26 May 2017 20:29:50 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 10697 invoked by uid 99); 26 May 2017 20:29:50 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 26 May 2017 20:29:50 +0000 Received: from Christophers-MacBook-Pro.local (pool-173-66-116-184.washdc.fios.verizon.net [173.66.116.184]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 736D01A031B for ; Fri, 26 May 2017 20:29:50 +0000 (UTC) Subject: Re: [OT] server.xml password encryption instead of plain text To: users@tomcat.apache.org References:

<74767b43689b40aeaefe2de1d3296d7e@sap.com> From: Christopher Schultz Message-ID: <4dbaaeac-03a6-cd08-a0ad-731c5f3989ba@christopherschultz.net> Date: Fri, 26 May 2017 16:29:48 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.1.1 MIME-Version: 1.0 In-Reply-To: <74767b43689b40aeaefe2de1d3296d7e@sap.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit archived-at: Fri, 26 May 2017 20:29:53 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Harri, On 5/26/17 3:32 AM, Pesonen, Harri wrote: > It is possible to use Windows certificate store like this: > > keyAlias="..." keystoreFile="" keystoreType="Windows-My" > maxThreads="150" port="8443" > protocol="org.apache.coyote.http11.Http11NioProtocol" > scheme="https" secure="true" sslEnabledProtocols="TLSv1" > sslProtocol="TLS"/> > > You have to enter keyAlias that matches the subject of the > certificate in Windows user's personal certificates. Then you don't > need to enter password at all. Interesting... I had never known that Java supported some OS-specific keystore types. https://stackoverflow.com/a/11540061/276232 - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlkokDoACgkQHPApP6U8 pFi/XQ/+M2NSIEJMRD8pzLs0hH8I6e7dvYHknh0D5sYQ1XrprccUhYFQ9x3zsbzq W2lH/gC4UQuGOLoooL0NeI+l1moxKLJCjActC1mBDbCmNZzODRJSparU7m5G/Qta v+lD2+SXxvIDD1d0gvGUwiYczboJQzUp1Hb12P9c5VRpVfzxzJHJyXgX3rv1Y4sV Ay+yxnUvB8kdceaZyGoFRDneJAGNSXBUI7mkLTyjELixXGWWt4EED21rEFimS+Wt uzSra4suk5b5TdhfYSvXWGVrbV6ACk0ySrUC/J0CL9ZsqPX5ZdVY8ykV4UAH9QxE kKzk9Czh8hmXNaQkKFuEoyTP8wmMFohracgvIzplDEudK8cdgtYujChGb8I7UFtL EAgTrHHpJ3TBBue5/CDygq+LpObMxB0OvzS0vAstZrlcMsPYH2ZxBNNv7mjn0pVm ES5Gs+Wt7BHqNLPocaIAWahg6MdV4BdVWQ/Cctfqq77EnLLNXanyRan0KCjk8tQa rZN2krXRl++xxsvajfyCdlpGLo3qAAwAf2aeQnV3PR9kKhe7298kNchrc5OO/KlH l/6R/Ez+VTbW4NB/LVXuBbA5cQQGcaryodM8ZBakWw6uDF2EE+Ibu8ZRxyfW4d9U KazBFgZTa5C3iUuKuCSXhl45MNbR0sVJkzzRuIoo0tgwqOpNju8= =bQhr -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org