You are viewing a plain text version of this content. The canonical link for it is here.

Posted to server-dev@james.apache.org by "Karsten Otto (Jira)" <se...@james.apache.org> on 2021/11/16 14:15:00 UTC

[jira] [Created] (JAMES-3673) Separate trust store for S3

Karsten Otto created JAMES-3673:
-----------------------------------

             Summary: Separate trust store for S3
                 Key: JAMES-3673
                 URL: https://issues.apache.org/jira/browse/JAMES-3673
             Project: James Server
          Issue Type: Improvement
          Components: Blob
    Affects Versions: master
            Reporter: Karsten Otto


Since James supports S3 blob storage access via HTTPS, it should be possible to configure a specific trust store for validating the S3 server certificate. This lets users "pin" the server certificate, and better separate the trust realms of infrastructure and public services (SMTP, IMAP etc.).

This can be achieved in blob.properties with the usual set of configuration options for such cases, such as:
{code:java}
objectstorage.s3.truststore.path=/conf/s3trust.p12
objectstorage.s3.truststore.type=PKCS12
objectstorage.s3.truststore.secret=yoursecret
objectstorage.s3.truststore.algorithm=SunX509 {code}
T-Shirt size M.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org