Dear Wiki user, You have subscribed to a wiki page or wiki category on "James Wiki" for change notification.
The following page has been changed by VincenzoGianferrari: http://wiki.apache.org/james/UsingSSL ------------------------------------------------------------------------------ </smtpserver-tls> }}} ---- - Enable the ssl factory section of '''<server-sockets>''' (shared with POP3S), replacing the '''<file>''' + Enable the ssl factory section of '''<server-sockets>''' (shared with POP3S), replacing '''<file>''' - with the appropriate certificate keystore address and setting the correct password. + with the appropriate certificate keystore address and setting the correct keystore password and private key password. + {{{ + <factory name="ssl" + class="org.apache.avalon.cornerstone.blocks.sockets.TLSServerSocketFactory"> + <ssl-factory> + <keystore> + <file>conf/keystore</file> + <password>secret</password> + <key-password>keysecret</key-password> + <type>JKS</type> + <protocol>TLS</protocol> + <algorithm>SunX509</algorithm> + <authenticate-client>false</authenticate-client> + </keystore> + </ssl-factory> + </factory> + }}} + + The '''<key-password>''' element must be filled ''even if the private key password is the same as the keystore password''. + + If using James with a version < 3.x, the entry will be as follows (no '''<ssl-factory>''' nor '''<key-password>''' tags, ''and the private key password must be the same as the keystore password''): {{{ <factory name="ssl" class="org.apache.avalon.cornerstone.blocks.sockets.TLSServerSocketFactory"> @@ -82, +102 @@ </keystore> </factory> }}} + ---- The smtpserver-tls service must be declared in assembly.xml (just duplicate the existing entry for the smtpserver service and change the name to smtpserver-tls): {{{ @@ -204, +225 @@ Important: in the "distinguished name", ''set the "common name" (CN) to the DNS name of your James server'', the one you will use to access it from your mail client (like "mail.xyz.com"). 
- Finally, you will be prompted for the key password, which is the password specifically for this Certificate (as opposed to any other Certificates stored in the same keystore file). ''You MUST use the same password here as was used for the keystore password itself''. (Currently, the keytool prompt will tell you that pressing the ENTER key does this for you automatically.) + Finally, you will be prompted for the key password, which is the password specifically for this Certificate (as opposed to any other Certificates stored in the same keystore file). ''If using James with version < 3.x, you MUST use the same password here as was used for the keystore password itself''. (Currently, the keytool prompt will tell you that pressing the ENTER key does this for you automatically.) If everything was successful, you now have a keystore file with a Certificate that can be used by your server. @@ -258, +279 @@ -trustcacerts -file <your_certificate_filename> }}} -
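Review bot: in the first hunk, the new '''<ssl-factory>''' example shows `<password>secret</password>` and `<key-password>keysecret</key-password>` without marking them as placeholders, and the sentence above it still names only '''<file>''' as the element to replace. Suggest wording it as "replacing '''<file>''', '''<password>''' and '''<key-password>''' with your own values". Since both passwords sit in clear text in this configuration file, it would also help to add a line saying the file and conf/keystore should be readable only by the account James runs as. "Keystore address" would read better as "keystore path".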
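Review bot: in the keytool hunk (@@ -204, +225 @@), the revised sentence limits the same-password requirement to James < 3.x but tells 3.x readers nothing, and the unchanged parenthetical about pressing ENTER still reads as the path for everyone. Suggest adding that on 3.x a separate key password may be chosen and must then be entered in '''<key-password>''', and that pressing ENTER reuses the keystore password, which still has to be repeated in '''<key-password>''' as the first hunk requires. "version < 3.x" is also ambiguous, since 3.x names a range; "earlier than 3.0" would be clearer here and in the first hunk.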