Hello Alex,

I am not a Tomcat developer, but as there are several alternatives, I suppose that this is not a big benefit.
Most users just remove the password... at least it's my experience.
I don't see benefits by putting a password on the key as long as the folder permissions are set properly.

Greetings,
Thomas

> -----Original Message-----
> From: a.grub...@bluewin.ch <a.grub...@bluewin.ch>
> Sent: Thursday, 19 January 2023 19:31
> To: 'Tomcat Users List' <users@tomcat.apache.org>
> Subject: RE: Password in Tomcat 9.x
>
> Hi Thomas
>
> Thank you for your feedback.
>
> Do you know if in future apache tomcat releases, this will be possible to put a
> path? It would be the easiest for everyone, my opinion...
>
> Thanks
> Alex
>
> -----Original Message-----
> From: Thomas Hoffmann (Speed4Trade GmbH) <thomas.hoffm...@speed4trade.com.INVALID>
> Sent: Wednesday, 18 January 2023 22:03
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: RE: Password in Tomcat 9.x
>
> Hello Alex,
>
> thanks for the clarification. Now I got the topic.
>
> I don't think that you can use a path there.
>
> The options I have in mind are:
> - Use properties:
>   https://stackoverflow.com/questions/11926181/environment-system-variables-in-server-xml
> - Remove password or set it to the same password.
> This won't decrease security in my opinion.
>
> Greetings,
> Thomas
>
> > -----Original Message-----
> > From: a.grub...@bluewin.ch <a.grub...@bluewin.ch>
> > Sent: Wednesday, 18 January 2023 20:28
> > To: 'Tomcat Users List' <users@tomcat.apache.org>
> > Subject: RE: Password in Tomcat 9.x
> >
> > Hi Thomas
> >
> > Thanks for your feedback.
> >
> > I checked - here I can give you the following.
> >
> > I have a webserver certificate (p12) stored on the filesystem. It has
> > the p12.pwd also this location. Owner and group are well protected
> > from other technical users.
> >
> > Now, the config file, where the webserver cert is used is in the server.xml.
> >
> > Inside there:
> >
> > clientAuth="true" sslProtocol="TLS"
> > keystorefile="PATH_TO_THE_CERTIFICATE/CERT.p12"
> > keystorePass="PASSWORD"
> > truststore="TRUSTSTORE_CERTIFICATE.jks"
> > truststorePass="PASSWORD"
> > sslEnable="True"
> > protocol="org.apache.coyote.http11.Http11Prococol"
> >
> > Now I would like to remove the PASSWORD from the keystorePass and put
> > in there the path to the pwd of the webserver certificate. Same also
> > for the truststore.
> >
> > - Is that possible? If yes, how is that to be done?
> >
> > Thanks for your feedback.
> >
> > Regards
> > Alex
> >
> > -----Original Message-----
> > From: Thomas Hoffmann (Speed4Trade GmbH) <thomas.hoffm...@speed4trade.com.INVALID>
> > Sent: Wednesday, 18 January 2023 07:12
> > To: Tomcat Users List <users@tomcat.apache.org>
> > Subject: RE: Password in Tomcat 9.x
> >
> > Hello Alex,
> > I usually remove the password on the p12 file via openssl.
> > Protecting with password and writing the password in clear text
> > somewhere doesn't improve security much I think.
> > Dunno if this is a possible way to go for you.
> > Greetings,
> > Thomas
> > ________________________________
> > From: a.grub...@bluewin.ch <a.grub...@bluewin.ch>
> > Sent: Tuesday, 17 January 2023 21:01:00
> > To: 'Tomcat Users List'
> > Subject: RE: Password in Tomcat 9.x
> >
> > Hi Thomas
> >
> > Received also from Mark an email where he requested an example of the
> > web.xml. Will provide you this tomorrow. Below is what I wrote him.
> >
> > Regards
> > Alex
> >
> > #
> > #
> > #
> > Hi Mark
> >
> > I will provide a config example tomorrow. Let you know the details.
> >
> > I have them on the other machine.
> >
> > In general it is like that - we have a webserver certificate (p12),
> > which we use to have the https protocol. The certificate comes
> > together with a p12.pwd file and this password of the certificate is stored in the web.xml.
> > I want now to remove this password by configuring just the path to this file.
> >
> > In case someone renew the certificate, the restart of tomcat can be
> > done anytime as always the correct password is used.
> >
> > Regards
> > Alexander
> > #
> > #
> > #
> >
> > -----Original Message-----
> > From: Thomas Hoffmann (Speed4Trade GmbH) <thomas.hoffm...@speed4trade.com.INVALID>
> > Sent: Tuesday, 17 January 2023 19:19
> > To: Tomcat Users List <users@tomcat.apache.org>
> > Subject: RE: Password in Tomcat 9.x
> >
> > Hello Alex,
> > I am not sure what your goal is.
> > Webserver certificate (with private key) is used for encryption / ssl / tls.
> > Password is used for user authentication and in web.xml you only
> > specify the auth method, not any passwords. Or do you plan auth with client certificates?
> >
> > Greetings, Thomas
> > ________________________________
> > From: a.grub...@bluewin.ch <a.grub...@bluewin.ch>
> > Sent: Tuesday, 17 January 2023 18:34:15
> > To: users@tomcat.apache.org
> > Subject: Password in Tomcat 9.x
> >
> > Hello together
> >
> > I would like to understand, when implementing passwords into web.xml,
> > then I would like NOT to implement a password, I want to include the
> > path to a certificate (p12.pwd). I want to basically avoid, changing
> > all the time the password, when I renew my webserver certificate in
> > the configuration.
> >
> > Which version of Tomcat 9.x is able to do this? Will it be foreseen,
> > that 9.x can do this?
> >
> > If no 9.x can do, which other Tomcat can do this?
> >
> > Thank you
> >
> > Alexander Grubner
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
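
The "Use properties" option from the thread, as an added example that is not part of the original messages: a helper for `$CATALINA_BASE/bin/setenv.sh` that reads the `.pwd` files at startup, so `server.xml` can carry `keystorePass="${keystore.pass}"` and a renewed certificate needs no config edit. The helper names, the property names `keystore.pass` / `truststore.pass` and the paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Meant to be sourced from
# $CATALINA_BASE/bin/setenv.sh. Helper and property names are assumptions.

# Print the password held in file $1; refuse files open to group/others.
read_pwd_file() {
    f=$1
    [ -f "$f" ] && [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "$f: group/other access" >&2; return 2; }
    # First line only; tolerate a missing final newline and a Windows CR.
    pw=
    IFS= read -r pw < "$f" || :
    pw=${pw%"$(printf '\r')"}
    [ -n "$pw" ] || { echo "$f is empty" >&2; return 3; }
    # The value ends up on a shell command line, so accept only characters
    # that need no quoting (no whitespace, quotes, $, backticks, ;).
    case $pw in
        *[!A-Za-z0-9._~+=,:@%/-]*)
            echo "$f: unsupported character in password" >&2; return 4 ;;
    esac
    printf '%s' "$pw"
}

# Emit the -D options that back ${keystore.pass} and ${truststore.pass}.
# $1 = keystore password file, $2 = truststore password file.
tls_password_opts() {
    kpw=$(read_pwd_file "$1") || return 1
    tpw=$(read_pwd_file "$2") || return 1
    printf '%s %s' "-Dkeystore.pass=$kpw" "-Dtruststore.pass=$tpw"
}

# Usage in setenv.sh (placeholder paths):
#   CATALINA_OPTS="$CATALINA_OPTS $(tls_password_opts /path/CERT.p12.pwd /path/TRUSTSTORE.pwd)"
# and in server.xml:
#   keystorePass="${keystore.pass}" truststorePass="${truststore.pass}"
```

Values passed with `-D` appear in the JVM's command line, so any local user who can list processes can read them; the permission check protects the password only at rest.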