On Tue, Jun 25, 2024 at 9:14 AM david w wrote:

> I've had the same experience, but with a regular AD service account, not an
> MSA.
> The account needs to have local administrator rights for the certificate
> to be found and used; setting ACL on the keystores is not enough.

1) The standard on this mailing list is not to top-post.

2) Local administrator rights for the Tomcat service account is an unacceptable security risk IMO. Tomcat should not run with a privileged account on any OS. I would definitely recommend an alternative approach.

Bill