To configure SSL in AEM 6.1, we add the properties for ~~org.apache.felix.http under /apps/system/config.author/. The values for properties such as org.apache.felix.https.keystore.key.password ~~org.apache.felix.https.keystore.truststore.password are not encrypted and can be seen by anyone who has access to crxde as they are plain text. This is a vulnerability and is there anything that can be done to keep it more secured?
-Venkatesh.
