[GitHub] [james-project] rouazana commented on a change in pull request #626: JAMES-3639 Allow use PEM keys for SSL

[GitBox <gi...@apache.org>]

rouazana commented on a change in pull request #626:
URL: https://github.com/apache/james-project/pull/626#discussion_r700276431



##########
File path: docs/modules/servers/pages/distributed/configure/ssl.adoc
##########
@@ -21,13 +21,33 @@ for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1.
 You need to add a block in the corresponding configuration file (smtpserver.xml, pop3server.xml, imapserver.xml,..)
 
 ....
-<tls socketTLS="false" startTLS="false">
+<tls socketTLS="false" startTLS="true">
   <keystore>file://conf/keystore</keystore>
+  <keystoreType>PKCS12</keystoreType>
   <secret>yoursecret</secret>
   <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
 </tls>
 ....
 
+Alternatively TLS keys can be supplied via PEM files:
+
+....
+<tls socketTLS="true" startTLS="false">
+  <privateKey>file://conf/private.key</privateKey>
+  <certificates>file://conf/certs.self-signed.csr</certificates>

Review comment:
       Often certificates can be provided as a single file and/or as a directory. Would it be possible also to add the complementary directory option?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org