You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Karsten Otto (Jira)" <se...@james.apache.org> on 2021/11/16 14:15:00 UTC
[jira] [Created] (JAMES-3673) Separate trust store for S3
Karsten Otto created JAMES-3673:
-----------------------------------
Summary: Separate trust store for S3
Key: JAMES-3673
URL: https://issues.apache.org/jira/browse/JAMES-3673
Project: James Server
Issue Type: Improvement
Components: Blob
Affects Versions: master
Reporter: Karsten Otto
Since James supports S3 blob storage access via HTTPS, it should be possible to configure a specific trust store for validating the S3 server certificate. This lets users "pin" the server certificate, and better separate the trust realms of infrastructure and public services (SMTP, IMAP etc.).
This can be achieved in blob.properties with the usual set of configuration options for such cases, such as:
{code:java}
objectstorage.s3.truststore.path=/conf/s3trust.p12
objectstorage.s3.truststore.type=PKCS12
objectstorage.s3.truststore.secret=yoursecret
objectstorage.s3.truststore.algorithm=SunX509 {code}
T-Shirt size M.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org