[ https://issues.apache.org/jira/browse/JAMES-3639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17413088#comment-17413088 ]
Benoit Tellier edited comment on JAMES-3639 at 9/10/21, 10:10 AM:
------------------------------------------------------------------

> What about a webadmin endpoint to reread the certificates/keys?

Overkill to me. Modern people would do a rolling restart in K8S behind a load-balancer and just have statically loaded applications.

Let's let modern trusted tools handle complex topics like configuration reload, rather than implementing yet-another tricky technical trick ourselves...


was (Author: btellier):
> What about a webadmin endpoint to reread the certificates/keys?

Overkill. Modern people would do a rolling restart in K8S behind a load-balancer and just have statically loaded applications.

Let's let modern trusted tools handle complex topics like configuration reload, rather than implementing yet-another tricky technical trick ourselves...


> Allow to configure SSL from PEM keys (without a keystore)
> ---------------------------------------------------------
>
>                 Key: JAMES-3639
>                 URL: https://issues.apache.org/jira/browse/JAMES-3639
>             Project: James Server
>          Issue Type: Improvement
>          Components: IMAPServer, JMAP, POP3Server, SMTPServer
>            Reporter: Benoit Tellier
>            Assignee: Antoine Duprat
>            Priority: Major
>          Time Spent: 2h 10m
>  Remaining Estimate: 0h
>
> This gives the opportunity to inter-operate directly with OpenSSL formats and
> avoids some potentially tricky configuration steps (importing the keys in a
> keystore).
> Read related thread on the mailing list:
> https://www.mail-archive.com/server-dev@james.apache.org/msg70772.html
> What this looks like:
> {code:java}
> <tls socketTLS="true" startTLS="false">
>   <privateKey>file://conf/private.nopass.key</privateKey>
>   <certificates>file://conf/certs.self-signed.csr</certificates>
> </tls>
> {code}
> Tested manually with self signed certificates:
> {code:java}
> # Generating your private key
> openssl genrsa -des3 -out private.key 2048
> # Creating your certificates
> openssl req -new -key private.key -out certs.csr
> # Signing the certificate yourself
> openssl x509 -req -days 365 -in certs.csr -signkey private.key -out certs.self-signed.csr
> # Removing the password from the private key
> # Not necessary if you supply the secret in the configuration
> openssl rsa -in private.key -out private.nopass.key
> {code}
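
A pre-deployment check for the PEM files named in `<privateKey>` and `<certificates>`, as an added example that is not part of the issue or of James. The `check_pem_pair` function and the `KEY_PASS` environment variable are assumptions of this example; it confirms that the certificate file really is a certificate (the issue's own file names use a `.csr` extension), that it matches the private key, and that it has not expired.

```shell
#!/bin/sh
# Added example, not part of JAMES-3639. check_pem_pair is a hypothetical helper.
# Usage: check_pem_pair KEY.pem CERT.pem   (passphrase, if any, in $KEY_PASS)
# Returns 0 when the pair can be served, 1 otherwise (reason on stderr).
check_pem_pair() {
    key=$1
    cert=$2

    if [ ! -r "$key" ] || [ ! -r "$cert" ]; then
        echo "key or certificate file is not readable" >&2; return 1
    fi

    # Both PEM encodings of an encrypted key carry the word ENCRYPTED
    # ("Proc-Type: 4,ENCRYPTED" or "BEGIN ENCRYPTED PRIVATE KEY").
    if grep -q ENCRYPTED "$key" && [ -z "${KEY_PASS:-}" ]; then
        echo "key is encrypted and no passphrase was supplied" >&2; return 1
    fi

    # Public key derived from the private key (SubjectPublicKeyInfo PEM).
    key_pub=$(KEY_PASS="${KEY_PASS:-}" openssl pkey -in "$key" \
        -passin env:KEY_PASS -pubout 2>/dev/null </dev/null) || {
        echo "cannot read private key (wrong passphrase or not a key)" >&2; return 1
    }

    # Public key embedded in the certificate. A certificate signing request
    # fails here, so the file is judged by content, not by its extension.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "file is not an X.509 certificate" >&2; return 1
    }

    if [ "$key_pub" != "$cert_pub" ]; then
        echo "certificate was not issued for this private key" >&2; return 1
    fi

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired" >&2; return 1
    fi
    return 0
}

# Run as a script: sh check_pem_pair.sh conf/private.nopass.key conf/certs.self-signed.csr
if [ "$#" -eq 2 ]; then
    check_pem_pair "$1" "$2"
fi
```

The passphrase is read from the environment rather than from an argument so that it does not appear in the process list.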