0

As part of our project, we are pushing in the SSL certificates onto the rich clients which try to establish the connection with SSL based web servers through a windows batch script.

This script contains batch statements of the following sort:

%JRE_HOME%\bin\keytool.exe -importcert -alias tcaacc -file tc-acc.pdu.com.cer -keystore %JRE_HOME%\lib\security\cacerts -storepass changeit < say_yes_to_trust.txt >nul 2>nul

As you can see, the password is left exposed here. Is there a way to hide/mask this password from the script?. Please share your opinion.

We work with Windows.

Thanks, Pavan.

Pavan Dittakavi
  • 123
  • 7
  • See [the documentation for keytool under Common Options](http://docs.oracle.com/javase/8/docs/technotes/tools/windows/keytool.html#sthref128) Also [you don't need a file to supply YES if you use -noprompt](http://docs.oracle.com/javase/8/docs/technotes/tools/windows/keytool.html#sthref140) – dave_thompson_085 Oct 05 '17 at 06:51

1 Answers1

1

I suggest storing the password in a secure file. Then the script would read the file into a variable, and pass the password via a variable.

This will keep your password out of the script itself.

Rodrigo Murillo
  • 450
  • 3
  • 10