Alex,
On 1/19/23 13:31, a.grub...@bluewin.ch wrote:
Do you know if in future apache tomcat releases, this will be
possible to put a path? It would be the easiest for everyone, my
opinion...
I believe there are currently two ways to do with with existing Tomcat
releases:
1. service binding property source
2. XML entities
We don't need another mechanism for this.
-chris
-----Ursprüngliche Nachricht-----
Von: Thomas Hoffmann (Speed4Trade GmbH)
<thomas.hoffm...@speed4trade.com.INVALID>
Gesendet: Mittwoch, 18. Januar 2023 22:03
An: Tomcat Users List <users@tomcat.apache.org>
Betreff: AW: Password in Tomcat 9.x
Hello Alex,
thanks for the clarification. Now I got the topic.
I don't think that you can use a path there.
The options I have in mind are:
- Use properties:
https://stackoverflow.com/questions/11926181/environment-system-variables-in
-server-xml
- Remove password or set it to the same password.
This won't decrease security in my opinion.
Greetings,
Thomas
-----Ursprüngliche Nachricht-----
Von: a.grub...@bluewin.ch <a.grub...@bluewin.ch>
Gesendet: Mittwoch, 18. Januar 2023 20:28
An: 'Tomcat Users List' <users@tomcat.apache.org>
Betreff: AW: Password in Tomcat 9.x
Hoi Thomas
Thanks for your feedback.
I checked - here I can give you the following.
I have a webserver certificate (p12) stored on the filesystem. It has
the p12.pwd also this location. Owner and group are well protected
from other technical users.
Now, the config file, where the webserver cert is used is in the
server.xml.
Inside there:
clientAuth="true" sslProtocol="TLS"
keystorefile="PATH_TO_THE_CERTIFICATE/CERT.p12"
keystorePass="PASSWORD"
truststore="TRUSTSTORE_CERTIFICATE.jks"
truststorePass="PASSWORD"
sslEnable="True"
protocol="org.apache.coyote.http11.Http11Prococol"
Now I would like to remove the PASSWORD from the keystorePass and put
in there the path to the pwd of the webserver certificate. Same also
for the truststore.
- Is that possible? If yes, how is that to be done?
Thanks for your feedback.
Regards
Alex
-----Ursprüngliche Nachricht-----
Von: Thomas Hoffmann (Speed4Trade GmbH)
<thomas.hoffm...@speed4trade.com.INVALID>
Gesendet: Mittwoch, 18. Januar 2023 07:12
An: Tomcat Users List <users@tomcat.apache.org>
Betreff: AW: Password in Tomcat 9.x
Hello Alex,
I usually remove the password on the p12 file via openssl.
Protecting with password and writing the password in clear text
somewhere doesn't improve security much I think.
Dunno if this is a possible way to go for you.
Greetings,
Thomas
________________________________
Von: a.grub...@bluewin.ch <a.grub...@bluewin.ch>
Gesendet: Dienstag, 17. Januar 2023 21:01:00
An: 'Tomcat Users List'
Betreff: AW: Password in Tomcat 9.x
Hoi Thomas
Received also from Mark an email where he requested an example of the
web.xml. Will provide you this tomorrow. Below is what I wrote him.
Regards
Alex
#
#
#
Hi Mark
I will provide a config example tomorrow. Let you know the details.
I have them on the other machine.
In general it is like that - we have a webserver certificate (p12),
which we use to have the https protocol. The certificate comes
together with a p12.pwd file and this password of the certificate is
stored in the web.xml.
I want now to remove this password by configuring just the path to this
file.
In case someone renew the certificate, the restart of tomcat can be
done anytime as always the correct password is used.
Regards
Alexander
#
#
#
-----Ursprüngliche Nachricht-----
Von: Thomas Hoffmann (Speed4Trade GmbH)
<thomas.hoffm...@speed4trade.com.INVALID>
Gesendet: Dienstag, 17. Januar 2023 19:19
An: Tomcat Users List <users@tomcat.apache.org>
Betreff: AW: Password in Tomcat 9.x
Hello Alex,
I am not sure what your goal is.
Webserver certificate (with private key) is used for encryption / ssl /
tls.
Password is used for user authentication and in web.xml you only
specify the auth method, not any passwords. Or do you plan auth with
client certificates?
Greetings, Thomas
________________________________
Von: a.grub...@bluewin.ch <a.grub...@bluewin.ch>
Gesendet: Dienstag, 17. Januar 2023 18:34:15
An: users@tomcat.apache.org
Betreff: Password in Tomcat 9.x
Hello together
I would like to understand, when implementing passwords into web.xml,
then I would like NOT to implement a password, I want to include the
path to a certificate (p12.pwd). I want to basically avoid, changing
all the time the password, when I renew my webserver certificate in the
configuration.
Which version of Tomcat 9.x is able to do this? Will it be for seen,
that 9.x can do this?
If no 9.x can do, which other Tomcat can do this?
Thank you
Alexander Grubner
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
