[
https://issues.apache.org/jira/browse/JAMES-3639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17407006#comment-17407006
]
Benoit Tellier commented on JAMES-3639:
---------------------------------------
Yes this was proposed by Otto and the ticket number is JAMES-3638.
> Allow to configure SSL from PEM keys (without a keystore)
> ---------------------------------------------------------
>
> Key: JAMES-3639
> URL: https://issues.apache.org/jira/browse/JAMES-3639
> Project: James Server
> Issue Type: Improvement
> Components: IMAPServer, JMAP, POP3Server, SMTPServer
> Reporter: Benoit Tellier
> Assignee: Antoine Duprat
> Priority: Major
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> This gives the opportunity to inter-operate directly with OpenSSL formats and
> avoids some potentially tricky configuration steps (importing the keys in a
> keystore).
> Read related thread on the mailing list:
> https://www.mail-archive.com/[email protected]/msg70772.html
> How this looks like:
> {code:java}
> <tls socketTLS="true" startTLS="false">
> <privateKey>file://conf/private.nopass.key</privateKey>
> <certificates>file://conf/certs.self-signed.csr</certificates>
> </tls>
> {code}
> Tested manually with self signed certificates:
> {code:java}
> # Generating your private key
> openssl genrsa -des3 -out private.key 2048
> # Creating your certificates
> openssl req -new -key private.key -out certs.csr
> # Signing the certificate yourself
> openssl x509 -req -days 365 -in certs.csr -signkey private.key -out
> certs.self-signed.csr
> # Removing the password from the private key
> # Not necessary if you supply the secret in the configuration
> openssl rsa -in private.key -out private.nopass.key
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
