Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2021/08/29 11:31:00 UTC

[jira] [Commented] (JAMES-3640) Have a configuration parameter to automatically generate self-signed key materials

    [ https://issues.apache.org/jira/browse/JAMES-3640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17406399#comment-17406399 ] 

Benoit Tellier commented on JAMES-3640:
---------------------------------------

The simpler option is likely to rely on JAMES-3639 to support PEM keys and add, in the demo docker execution wrapper, logic to create the keypair if it is missing.

We could specify overrides from the jpa image to point to these certificates / keys.

So far I have a no-input-one-liner for generating the key pair:


{code:java}
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=US/ST=Apache/L=Fundation/O=/CN=james.apache.org" -keyout private.key -out private.csr
{code}


> Have a configuration parameter to automatically generate self-signed key materials
> ----------------------------------------------------------------------------------
>
>                 Key: JAMES-3640
>                 URL: https://issues.apache.org/jira/browse/JAMES-3640
>             Project: James Server
>          Issue Type: Improvement
>          Components: IMAPServer, POP3Server, SMTPServer
>            Reporter: Benoit Tellier
>            Priority: Major
>
> Follow up of https://www.mail-archive.com/server-dev@james.apache.org/msg70783.html
> For security concerns, we should remove all
> cryptographic keys from default configuration, including demo images.
> We could then have auto-generation
> configuration option to ensure both convenient and secure set-up for
> demo image - we likely should consider implementing this too.
> That way one would not need to choose between safety and (demo) convenience.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
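
The wrapper logic described in the comment above (create the key pair only if it is missing), as an added example that is not part of the original message or of the James project's code. The function name `ensure_keypair`, the file names and the `/CN=` default are assumptions; the example also goes beyond the comment by refusing to overwrite a half-present pair and by checking that an existing key and certificate match.

```sh
#!/bin/sh
# Added example (not James project code). Names and paths are assumptions.
# ensure_keypair DIR [BITS] [DAYS] [CN]
# Prints "generated" or "present"; non-zero status means nothing was published.
ensure_keypair() {
    dir=$1; bits=${2:-4096}; days=${3:-365}; cn=${4:-localhost}
    key="$dir/private.key"
    crt="$dir/certificate.crt"   # with -x509 the output is a certificate, not a CSR

    if [ -s "$key" ] && [ -s "$crt" ]; then
        # Operator-supplied or previously generated material: never overwrite,
        # but check that the certificate really belongs to this private key.
        cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
        key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
        if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
            echo "key and certificate in $dir do not match" >&2
            return 2
        fi
        echo present
        return 0
    fi
    if [ -e "$key" ] || [ -e "$crt" ]; then
        # Half a pair usually means a broken mount; fail instead of clobbering.
        echo "incomplete key material in $dir, refusing to overwrite" >&2
        return 1
    fi

    mkdir -p "$dir" || return 1
    (
        umask 077                                  # key is never group/world readable
        tmp=$(mktemp -d "$dir/.keygen.XXXXXX") || exit 1
        trap 'rm -rf "$tmp"' EXIT
        openssl req -new -newkey "rsa:$bits" -days "$days" -nodes -x509 \
            -subj "/CN=$cn" \
            -keyout "$tmp/private.key" -out "$tmp/certificate.crt" \
            >/dev/null 2>&1 || exit 1
        # Publish into place only after generation succeeded.
        mv "$tmp/certificate.crt" "$crt" && mv "$tmp/private.key" "$key"
    ) || return 1
    echo generated
}
```

Calling it from a container entrypoint before the server starts means each deployment gets its own key instead of one shipped in the image.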
