Posted to server-dev@james.apache.org by "Ioan Eugen Stan (Jira)" <se...@james.apache.org> on 2021/09/09 08:44:00 UTC

[jira] [Commented] (JAMES-3639) Allow to configure SSL from PEM keys (without a keystore)

    [ https://issues.apache.org/jira/browse/JAMES-3639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17412450#comment-17412450 ] 

Ioan Eugen Stan commented on JAMES-3639:
----------------------------------------

Does it work with Let's Encrypt certificates?
Should we add an issue for that?

[https://letsencrypt.org/docs/faq/#does-let-s-encrypt-issue-certificates-for-anything-other-than-ssl-tls-for-websites]

 

NOTE: The certificates are renewed periodically, so we might need a solution to reload them in James.
A restart is a valid solution, but we might be able to do a reload as well.

> Allow to configure SSL from PEM keys (without a keystore)
> ---------------------------------------------------------
>
>                 Key: JAMES-3639
>                 URL: https://issues.apache.org/jira/browse/JAMES-3639
>             Project: James Server
>          Issue Type: Improvement
>          Components: IMAPServer, JMAP, POP3Server, SMTPServer
>            Reporter: Benoit Tellier
>            Assignee: Antoine Duprat
>            Priority: Major
>          Time Spent: 2h 10m
>  Remaining Estimate: 0h
>
> This gives the opportunity to inter-operate directly with OpenSSL formats and avoids some potentially tricky configuration steps (importing the keys in a keystore).
> Read related thread on the mailing list: https://www.mail-archive.com/server-dev@james.apache.org/msg70772.html
> What this looks like:
> {code:java}
> <tls socketTLS="true" startTLS="false">
>   <privateKey>file://conf/private.nopass.key</privateKey>
>   <certificates>file://conf/certs.self-signed.csr</certificates>
> </tls>
> {code}
> Tested manually with self signed certificates:
> {code:java}
> # Generating your private key
> openssl genrsa -des3 -out private.key 2048
> # Creating your certificate signing request (CSR)
> openssl req -new -key private.key -out certs.csr
> # Signing the certificate yourself (the output is a certificate, despite the .csr extension)
> openssl x509 -req -days 365 -in certs.csr -signkey private.key -out certs.self-signed.csr
> # Removing the password from the private key
> # Not necessary if you supply the secret in the configuration
> openssl rsa -in private.key -out private.nopass.key
> {code}
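
A pre-flight check for the two files referenced in the `<tls>` block above, as an added example that is not part of the original message or of the James code base. It inspects PEM labels and headers only (no cryptographic validation), to catch a key that still has its passphrase or a CSR such as `certs.csr` supplied where the signed certificate belongs; `check_tls_files`, `secret_configured` and the sample blocks are hypothetical and constructed.

```python
import base64
import re

# RFC 7468 textual encoding: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Return [(label, encrypted)] for every PEM block, in file order."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text.replace("\r\n", "\n")):
        # Traditional OpenSSL keys carry "Proc-Type: 4,ENCRYPTED" headers before a blank line.
        header, sep, payload = body.partition("\n\n")
        if not sep:
            header, payload = "", body
        base64.b64decode("".join(payload.split()), validate=True)  # raises if the body is damaged
        blocks.append((label, label == "ENCRYPTED PRIVATE KEY" or "ENCRYPTED" in header))
    return blocks

def check_tls_files(key_pem, certs_pem, secret_configured=False):
    """Return a list of problems; an empty list means the pair has the expected shape."""
    problems = []
    keys = [b for b in pem_blocks(key_pem) if b[0].endswith("PRIVATE KEY")]
    certs = [label for label, _ in pem_blocks(certs_pem)]
    if len(keys) != 1:
        problems.append("expected exactly one private key, found %d" % len(keys))
    elif keys[0][1] and not secret_configured:
        problems.append("private key is encrypted but no secret is configured")
    if "CERTIFICATE REQUEST" in certs:
        problems.append("certificates file holds a CSR, not a signed certificate")
    if "CERTIFICATE" not in certs:
        problems.append("certificates file holds no CERTIFICATE block")
    if any(label.endswith("PRIVATE KEY") for label in certs):
        problems.append("certificates file holds a private key")
    return problems

def _sample(label, headers=""):
    # Constructed placeholder body: well-formed base64, not real key or certificate data.
    body = base64.b64encode(b"constructed placeholder, not real key material").decode()
    return "-----BEGIN %s-----\n%s%s\n-----END %s-----\n" % (label, headers, body, label)

ENCRYPTED_KEY = _sample("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n")
PLAIN_KEY = _sample("RSA PRIVATE KEY")
CSR = _sample("CERTIFICATE REQUEST")
CERT_CHAIN = _sample("CERTIFICATE") * 2  # constructed: leaf plus intermediate in one file

if __name__ == "__main__":
    print(check_tls_files(ENCRYPTED_KEY, CERT_CHAIN))  # key still has its passphrase
    print(check_tls_files(PLAIN_KEY, CSR))             # request supplied instead of the certificate
```

Whether the key actually belongs to the certificate still has to be confirmed separately, since the labels say nothing about the key pair.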


