> -----Original Message-----
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Tuesday, February 12, 2013 6:00 PM
> To: Tomcat Users List
> Subject: Re: Need to Specify keystorePass on Command Line - Update
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Mark,
>
> On 2/12/13 4:27 AM, Mark Thomas wrote:
> > On 12/02/2013 00:53, Harris, Jeffrey E. wrote:
> >> Current status:
> >>
> >> I replaced keystorePass=<password> with
> >> 'keystorePass="${kspassword}"' in server.xml, and executed the
> >> command "tomcat7 //TS//Tomcat7 --JvmOptions=-Dkspassword=<password>"
> >> and have been able to start the SSL listener as a console
> >> application.
> >>
> >> However, I have not been able to do the same thing with the service,
> >> using "sc start Tomcat7 "--JvmOptions=-Dkspassword=<password>", or
> >> putting the parameter into the properties of the service entry in
> >> Windows Services Manager.
> >>
> >> I know Charles Caldarale said it could not be done with a service,
> >> but it is possible to pass parameters to a service, both using the
> >> Windows Services Manager, and via the sc command line utility. I am
> >> just not sure what syntax Tomcat is expecting for parameters; I would
> >> think it would match the syntax of the tomcat command above, since
> >> that is basically what is being called, just with different
> >> parameters.
> >
> > http://commons.apache.org/daemon/procrun.html
>
> Since OP is using "sc", there may be a problem there that you can't
> specify command-line parameters to a service.
>
> Obviously, adding the parameter to Windows Services Manager defeats the
> whole "must be on the command line, can't be in the registry"
> requirement.
>
Christopher,

The sc start command does allow command line parameters, but I think the syntax of how the parameters are passed to the service executable is not compatible with what Tomcat is expecting. On my test server, I even used the SC command to create a service to start Tomcat by directly executing java and the boot class file, and I could start SSL, but only by embedding the password within a JvmOptions parameter before the java command, not after it (which the java executable syntax requires).

The reason I am focusing on sc is that I CAN store the private key on a different system, and set up a scheduled task on that system to check the status of the Tomcat service on the target system, and restart the service remotely (such as after a reboot). The sc command has a server parameter so it can work remotely between servers (with the appropriate permissions, of course).

I am also looking at Andre's idea of using Apache as a proxy for Tomcat (I presume using AJP13), and avoiding the need for SSL on Tomcat. I talked to my developer about it, and he thinks that the Webapp can still communicate with the remote service if the Apache server does the PKI authentication with the remote system, and handles the SSL.

Finally, I asked my developer to look at your idea of a property source.

Jeffrey Harris
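
The property source idea mentioned at the end of the message, sketched as an added example that is not from this thread or from Tomcat itself: a class that resolves the `${kspassword}` placeholder in server.xml from a file, so the value is neither in server.xml nor on the service command line. The class and package names and the `kspassword.file` system property are hypothetical; the sketch assumes Java 7 or later and that the class is registered through the `org.apache.tomcat.util.digester.PROPERTY_SOURCE` system property.

```java
package example; // hypothetical package name

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

import org.apache.tomcat.util.IntrospectionUtils;

/** Supplies the value for ${kspassword} in server.xml from a file. */
public class KeystorePassSource implements IntrospectionUtils.PropertySource {

    // Placeholder name used in the thread: keystorePass="${kspassword}"
    private static final String KEY = "kspassword";

    // Hypothetical system property naming the file that holds the password,
    // for example a path on a share that only the service account can read.
    private static final String FILE_PROP = "kspassword.file";

    @Override
    public String getProperty(String key) {
        if (!KEY.equals(key)) {
            // Not ours: returning null lets the other property sources
            // (such as system properties) resolve the placeholder.
            return null;
        }
        String location = System.getProperty(FILE_PROP);
        if (location == null) {
            throw new IllegalStateException(FILE_PROP + " is not set");
        }
        Path file = Paths.get(location);
        try {
            // Trim the trailing newline that most editors leave in the file.
            String value = new String(Files.readAllBytes(file),
                    StandardCharsets.UTF_8).trim();
            if (value.isEmpty()) {
                throw new IllegalStateException("Empty password file " + file);
            }
            return value;
        } catch (IOException e) {
            // Surface the problem instead of leaving the placeholder unresolved.
            throw new IllegalStateException("Cannot read password file " + file, e);
        }
    }
}
```

To use it, the compiled class goes on Tomcat's own class path and catalina.properties gets the line `org.apache.tomcat.util.digester.PROPERTY_SOURCE=example.KeystorePassSource`. The file's access control list then becomes the control that protects the keystore password.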