You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2021/09/04 04:29:00 UTC
[jira] [Commented] (JAMES-2631) TLS 1.2 problems with Certificate
Request
[ https://issues.apache.org/jira/browse/JAMES-2631?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17409794#comment-17409794 ]
Benoit Tellier commented on JAMES-2631:
---------------------------------------
Recent work led me to discover one can specify the trust store for javax.mail (and thus remoteDelivery) using:
{code:java}
-Djavax.net.ssl.trustStore=/root/conf/keystore
{code}
This should allow solving your issue.
Reopen if it is not the case.
Also I encourage you migrating to recent James versions.
Regards,
Benoit
> TLS 1.2 problems with Certificate Request
> -----------------------------------------
>
> Key: JAMES-2631
> URL: https://issues.apache.org/jira/browse/JAMES-2631
> Project: James Server
> Issue Type: Bug
> Affects Versions: 3.0.1
> Reporter: Arnau Rebassa
> Priority: Major
> Attachments: james_response.png, server_request.png
>
>
> We are using james 3.0.1 configured to use TLS in remote deliveries. The sending of emails over TLS is working fine but we have problems sending emails to a particular server which performs a "Certificate Request". When this happens, in a tcpdump capture I can see that, James returns an error Alert (Level: Fatal, Description: Certificate Unknown).
>
> The certificate used by the remote server is issued by a well know CA. In the picture server_request.png you can see as the remote server requests a "Certificate request" to the client (in this case to James).
>
> In the file james_reponse.png you can see how James sends a Fatal alert.
>
> I have been looking into the documentation but I haven't found the way to specify a keystore in the mailetcontainer.xml. Is this possible? Anyone knows how to fix this?
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org