Securing Tomcat's server.xml


[H]F Junkie
Sep 6, 2007
I've inherited a problem that I'm trying to make less of a problem. We have a site that runs on Apache Tomcat 7 on Windows Server 2016. *insert groans here*

So, we mandated that all of our websites use 443/HTTPS. I was able to hack my way through getting the server.xml updated with our cert and password for the cert. It is no longer using a Java keystore.

Anyway, is there a good tip or trick on securing the server.xml file? It has our cert password in plain text... and I'm not crazy about that.