You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2021/09/13 01:29:00 UTC

[jira] [Closed] (JAMES-3639) Allow to configure SSL from PEM keys (without a keystore)

     [ https://issues.apache.org/jira/browse/JAMES-3639?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Benoit Tellier closed JAMES-3639.
---------------------------------
    Fix Version/s: 3.7.0
       Resolution: Fixed

> Allow to configure SSL from PEM keys (without a keystore)
> ---------------------------------------------------------
>
>                 Key: JAMES-3639
>                 URL: https://issues.apache.org/jira/browse/JAMES-3639
>             Project: James Server
>          Issue Type: Improvement
>          Components: IMAPServer, JMAP, POP3Server, SMTPServer
>            Reporter: Benoit Tellier
>            Assignee: Antoine Duprat
>            Priority: Major
>             Fix For: 3.7.0
>
>          Time Spent: 2h 20m
>  Remaining Estimate: 0h
>
> This gives the opportunity to inter-operate directly with OpenSSL formats and avoids some potentially tricky configuration steps (importing the keys in a keystore).
> Read related thread on the mailing list: https://www.mail-archive.com/server-dev@james.apache.org/msg70772.html
> How this looks like:
> {code:java}
> <tls socketTLS="true" startTLS="false">
>   <privateKey>file://conf/private.nopass.key</privateKey>
>   <certificates>file://conf/certs.self-signed.csr</certificates>
> </tls>
> {code}
> Tested manually with self signed certificates:
> {code:java}
> # Generating your private key
> openssl genrsa -des3 -out private.key 2048
> # Creating your certificates
> openssl req -new -key private.key -out certs.csr
> # Signing the certificate yourself
> openssl x509 -req -days 365 -in certs.csr -signkey private.key -out certs.self-signed.csr
> # Removing the password from the private key
> # Not necessary if you supply the secret in the configuration
> openssl rsa -in private.key -out private.nopass.key
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org