Benoit Tellier created JAMES-3639:
-------------------------------------
Summary: Allow to configure SSL from PEM keys (without a keystore)
Key: JAMES-3639
URL: https://issues.apache.org/jira/browse/JAMES-3639
Project: James Server
Issue Type: Improvement
Components: IMAPServer, JMAP, POP3Server, SMTPServer
Reporter: Benoit Tellier
Assignee: Antoine Duprat
This gives the opportunity to inter-operate directly with OpenSSL formats and
avoids some potentially tricky configuration steps (importing the keys in a
keystore).
Read related thread on the mailing list:
https://www.mail-archive.com/[email protected]/msg70772.html
How this looks like:
{code:java}
<tls socketTLS="true" startTLS="false">
<privateKey>file://conf/private.nopass.key</privateKey>
<certificates>file://conf/certs.self-signed.csr</certificates>
</tls>
{code}
Tested manually with self signed certificates:
{code:java}
# Generating your private key
openssl genrsa -des3 -out private.key 2048
# Creating your certificates
openssl req -new -key private.key -out certs.csr
# Signing the certificate yourself
openssl x509 -req -days 365 -in certs.csr -signkey private.key -out
certs.self-signed.csr
# Removing the password from the private key
# Not necessary if you supply the secret in the configuration
openssl rsa -in private.key -out private.nopass.key
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
