You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2021/08/29 10:00:00 UTC
[jira] [Created] (JAMES-3639) Allow to configure SSL from PEM keys
(without a keystore)
Benoit Tellier created JAMES-3639:
-------------------------------------
Summary: Allow to configure SSL from PEM keys (without a keystore)
Key: JAMES-3639
URL: https://issues.apache.org/jira/browse/JAMES-3639
Project: James Server
Issue Type: Improvement
Components: IMAPServer, JMAP, POP3Server, SMTPServer
Reporter: Benoit Tellier
Assignee: Antoine Duprat
This gives the opportunity to inter-operate directly with OpenSSL formats and avoids some potentially tricky configuration steps (importing the keys in a keystore).
Read related thread on the mailing list: https://www.mail-archive.com/server-dev@james.apache.org/msg70772.html
How this looks like:
{code:java}
<tls socketTLS="true" startTLS="false">
<privateKey>file://conf/private.nopass.key</privateKey>
<certificates>file://conf/certs.self-signed.csr</certificates>
</tls>
{code}
Tested manually with self signed certificates:
{code:java}
# Generating your private key
openssl genrsa -des3 -out private.key 2048
# Creating your certificates
openssl req -new -key private.key -out certs.csr
# Signing the certificate yourself
openssl x509 -req -days 365 -in certs.csr -signkey private.key -out certs.self-signed.csr
# Removing the password from the private key
# Not necessary if you supply the secret in the configuration
openssl rsa -in private.key -out private.nopass.key
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org