This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes Tomcat and the fly likes how to pass the keystorePass as encrypted password in server.xml for https configuration Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Products » Tomcat
Bookmark "how to pass the keystorePass as encrypted password in server.xml for https configuration" Watch "how to pass the keystorePass as encrypted password in server.xml for https configuration" New topic
Author

how to pass the keystorePass as encrypted password in server.xml for https configuration

Anantha Reddy
Greenhorn

Joined: Jun 24, 2008
Posts: 12
Hi All

how to pass the keystorePass as encrypted password in server.xml for https configuration?
ex: this is my server.xml

<Connector SSLEnabled="true" scheme="https" secure="true" port="8443"
protocol="HTTP/1.1" clientAuth="false" keystoreFile="C:\ServerDir\certs\CH_Keystore.jks" keystorePass="checpix"
keyAlias="checpix"/>

i want to pass the 'keystorePass' attribtue value as 'encrypted', but its a server or jvm level change require i think, bcz of these keystore
are stored in server level only, not in code level.

is there any way to send encrypted pwd instead of sending plain text password?
or
is there any way to send the keystore file and password through jvm level setting?

Thanks
Ananth
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17026
    
  26

I don't have a clue what you are asking. You don't "pass" the keystore password, you specify it on the server.xml Connector element for TLS. The value is not encrypted because the server.xml file is not something that non-authorized users can look at. At least it isn't if you are following even the most basic security practices for a secure shop.

Customer surveys are for companies who didn't pay proper attention to begin with.
 
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com
 
subject: how to pass the keystorePass as encrypted password in server.xml for https configuration
 
It's not a secret anymore!