You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-user@james.apache.org by Marc Chamberlin <ma...@marcchamberlin.com> on 2014/03/24 03:24:36 UTC
Re: openssl connection problems - Solved
On 03/17/2014 10:36 PM, Marc Chamberlin wrote:
> Hi - I am trying to test the TLS/SSL connection for my James 2.3.2
> server. When using Thunderbird as a client and connecting via TLS/SSL
> protocol I don't have any problems sending/receiving email. I am
> pretty sure that I have set up my private (self-signed) certificate OK
> as this has been working for a long time. I wanted to use TLS/SSL for
> access to the RemoteManager and discovered that I cannot test/use
> openssl? This is what I am seeing when I try connecting on any of the
> ports for the POP3, SMTP or the RemoteManager -
>
> openssl s_client -quiet -connect mydomain.com:portnum
> depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate
> Signing, CN = StartCom Certification Authority
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> 140032197080744:error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1
> alert internal error:s3_pkt.c:1256:SSL alert number 80
> 140032197080744:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:s23_lib.c:177:
>
> Internal Error??? This does NOT look very healthy and implies sick
> code... Anyone got any ideas on how to fix this?
>
> As always, thanks in advance for any offers of help... Marc...
>
Turns out I had upgraded my openJDK to version 1.7 and there is a jar
file - sunjce_provider.jar file than needs to be copied in to the lib
directory of James. This is obscurely documented in the config.xml file
where it is easily overlooked. It would be far better to also mention
this on the web page at http://james.apache.org/server/2/usingTLS.html
which is the instructions that I was following to enable TLS/SSL
connections.
Marc...
--
"The Truth is out there" - Spooky
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org