James Server / JAMES-3639

Allow to configure SSL from PEM keys (without a keystore)

    Description

      This gives the opportunity to inter-operate directly with OpenSSL formats and avoids some potentially tricky configuration steps (importing the keys in a keystore).

      Read related thread on the mailing list: https://www.mail-archive.com/server-dev@james.apache.org/msg70772.html

      What this looks like:

      <tls socketTLS="true" startTLS="false">
        <privateKey>file://conf/private.nopass.key</privateKey>
        <certificates>file://conf/certs.self-signed.csr</certificates>
      </tls>
      

      Tested manually with self signed certificates:

      # Generating your private key
      openssl genrsa -des3 -out private.key 2048
      
      # Creating your certificate signing request (CSR)
      openssl req -new -key private.key -out certs.csr
      
      # Signing the certificate yourself (the output is a PEM certificate, despite the .csr file name)
      openssl x509 -req -days 365 -in certs.csr -signkey private.key -out certs.self-signed.csr
      
      # Removing the password from the private key
      # Not necessary if you supply the secret in the configuration
      openssl rsa -in private.key -out private.nopass.key
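
A pre-flight check for the two files the `<tls>` block points at, added here as an example (not code from the James project or from this issue). It classifies each PEM file by its header lines, so a signing request left in place of the signed certificate, or a key that is still passphrase-protected, is caught before the server is started. The function names `pem_kind` and `check_tls_pair` are made up for this example.

```shell
#!/bin/sh
# Added example: sanity-check the PEM files referenced from a <tls> block.
# Function names are hypothetical; file paths are whatever the caller passes in.

# pem_kind FILE -> prints certificate | csr | plain-key | encrypted-key | unknown | unreadable
pem_kind() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    if grep -Eq '^-----BEGIN (NEW )?CERTIFICATE REQUEST-----' "$1"; then
        echo csr
    elif grep -q '^-----BEGIN CERTIFICATE-----' "$1"; then
        echo certificate
    elif grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted-key                      # PKCS#8, encrypted
    elif grep -Eq '^-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$1"; then
        # The traditional OpenSSL format flags encryption in a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted-key
        else echo plain-key; fi
    else
        echo unknown
    fi
}

# check_tls_pair KEY CERT -> returns 0 if the pair is usable, 1 otherwise.
# Findings are written to stdout.
check_tls_pair() {
    rc=0
    case $(pem_kind "$1") in
        plain-key) ;;
        encrypted-key) echo "note: $1 is passphrase-protected; supply the secret in the configuration" ;;
        *) echo "error: $1 is not a PEM private key"; rc=1 ;;
    esac
    case $(pem_kind "$2") in
        certificate) ;;
        csr) echo "error: $2 holds a signing request, not a signed certificate"; rc=1 ;;
        *) echo "error: $2 is not a PEM certificate"; rc=1 ;;
    esac
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ] || echo "warn: $1 is accessible beyond its owner"
    return $rc
}
```

Called as `check_tls_pair conf/private.nopass.key conf/certs.self-signed.csr`, it inspects headers and file mode only; it does not verify that the key and the certificate belong together.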
      

            People

              aduprat Antoine Duprat
              btellier Benoit Tellier

                Time Tracking

                  Original Estimate - Not Specified
                  Remaining Estimate - 0h
                  Time Spent - 2h 20m