Posted to server-user@james.apache.org by Jerry Malcolm <te...@malcolms.com> on 2019/09/25 16:56:21 UTC
LetsEncrypt Certificates Not Trusted
Still nothing on making the logs work... While waiting on that, I'm
moving to SSL. I was not using SSL on beta5. So this is likely a
generic SSL question not specific to 3.3.0. See the setup and
configuration info below. When I try to create an account in
Thunderbird and also in an iPhone, both Tbird and iPhone say the
certificate is not trusted. Any idea what I did wrong?

I have a domain certificate/chain issued by LetsEncrypt that works in
httpd. I issued the following three commands per the James SSL setup page:

    keytool -genkeypair -alias simple-cert -keyalg RSA -keysize 2048 \
        -keystore imapJwmHosting.jks -dname CN=imap1.jwmhosting.com

    keytool -import -alias root \
        -keystore /etc/letsencrypt/live/imap1.jwmhosting.com/imapJwmHosting.jks \
        -trustcacerts -file /etc/letsencrypt/live/imap1.jwmhosting.com/chain.pem

    keytool -import -alias james \
        -keystore /etc/letsencrypt/live/imap1.jwmhosting.com/imapJwmHosting.jks \
        -trustcacerts -file /etc/letsencrypt/live/imap1.jwmhosting.com/cert.pem

In imapserver.xml:

    <tls socketTLS="true" startTLS="false">
      <keystore>file://conf/keystore/imap1.jwmhosting.com/imapJwmHosting.jks</keystore>
      <secret>xxxxxxxx</secret>
      <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
    </tls>

Same process for the smtp side.
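
A check that can be run against a keystore built with commands like the ones above (added example, not part of the original post or of the James documentation): it reads `keytool -list -v` output and flags any private-key entry whose certificate is self-signed, because the certificate attached to the key entry is the one a TLS server presents to clients. The function names and the sample listing are constructed for illustration, the CA names in it are placeholders, and English-locale keytool output is assumed.

```shell
#!/bin/sh
# Constructed sample, shaped like `keytool -list -v` output for a keystore made
# with one -genkeypair and two -import commands (dates, serials, hashes omitted).
SAMPLE_LISTING='Alias name: simple-cert
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=imap1.jwmhosting.com
Issuer: CN=imap1.jwmhosting.com

Alias name: root
Entry type: trustedCertEntry

Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA

Alias name: james
Entry type: trustedCertEntry

Owner: CN=imap1.jwmhosting.com
Issuer: CN=Example Intermediate CA'

# Reads a listing on stdin; prints "<alias> <entry type> <self-signed|ca-issued>"
# per entry, judged on the first (leaf) certificate. Aliases must not contain spaces.
audit_listing() {
  awk '
    /^Alias name: / { alias = substr($0, 13); type = ""; owner = ""; next }
    /^Entry type: / { type = substr($0, 13); next }
    /^Owner: /      { if (owner == "") owner = substr($0, 8); next }
    /^Issuer: /     {
      if (alias == "") next   # issuer of a later certificate in the same chain
      status = (substr($0, 9) == owner) ? "self-signed" : "ca-issued"
      print alias, type, status
      alias = ""
    }'
}

# Prints the aliases that hold a private key paired with a self-signed
# certificate. A CA-issued certificate stored only as a trustedCertEntry has no
# private key attached, so it cannot be served as the TLS identity.
untrusted_key_entries() {
  audit_listing | awk '$2 == "PrivateKeyEntry" && $3 == "self-signed" { print $1 }'
}

# Real use: keytool -list -v -keystore imapJwmHosting.jks | untrusted_key_entries
printf '%s\n' "$SAMPLE_LISTING" | audit_listing
```

Any alias printed by `untrusted_key_entries` is an identity that mail clients will reject unless the user trusts it manually.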