[
https://issues.apache.org/jira/browse/JAMES-3640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17406399#comment-17406399
]
Benoit Tellier commented on JAMES-3640:
---------------------------------------
This simpler is likely to rely on JAMES-3639 to support PEM keys and add in the
demo docker execution wrapper logic to create the keypair if they are missing.
We could specify overrides from jpa image to point to these certificates / keys.
So far I have a no-input-one-liner for generating the key pair:
{code:java}
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj
"/C=US/ST=Apache/L=Fundation/O=/CN=james.apache.org" -keyout private.key -out
private.csr
{code}
> Have a configuration parameter to automatically generate self-signed key
> materials
> ----------------------------------------------------------------------------------
>
> Key: JAMES-3640
> URL: https://issues.apache.org/jira/browse/JAMES-3640
> Project: James Server
> Issue Type: Improvement
> Components: IMAPServer, POP3Server, SMTPServer
> Reporter: Benoit Tellier
> Priority: Major
>
> Follow up of
> https://www.mail-archive.com/[email protected]/msg70783.html
> For security concerns, we should remove all
> cryptographic keys from default configuration, including demo images.
> We could then have auto-generation
> configuration option to ensure both convenient and secure set-up for
> demo image - we likely should consider implementing this too.
> That way one would not need to choose between safety and (demo) conveniance.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
