Implementation of Client-side Authentication with Apache James
I am using Apache James as a mail server and I need to implement both client- and server-side authentication with X509 certificates.
The server side is pretty easy and only a matter of configuration in the config.xml, but how about client auth?
Is there a simple way of implementing this by config? In the sockets area of the config.xml I can set authenticate-client to true, but the James wiki says I am allowed to put only one certificate in the keystore provided under the keystore section:
<factory name="ssl" class="org.apache.avalon.cornerstone.blocks.sockets.TLSServerSocketFactory">
  <authenticate-client>true</authenticate-client>
  <ssl-factory>
    <keystore>
      <file>conf/@KEYSTORE_FILENAME@</file>
      <password>@KEYSTORE_PASSWORD@</password>
      <key-password>@PRIVATEKEY_PASSWORD@</key-password>
      <type>JKS</type>
      <protocol>TLS</protocol>
      <algorithm>SunX509</algorithm>
    </keystore>
  </ssl-factory>
</factory>
So if you have some recommendations on how to do this or know a tutorial that deals with this, I would really appreciate it if you could share it.
Thank you!
You can put all your certificates in the keystore if you like. But since I needed a clear separation of key- and truststore, I changed the sources of James so it was possible.
Unfortunately there is no simpler way of doing this.
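For reference, the key-/truststore separation mentioned in the answer looks like this in plain JSSE. This is an added example, not the answerer's patch and not James or Avalon source; the class name, the command-line arguments and the TRUSTSTORE_PASSWORD variable are assumptions, while the JKS type, TLS protocol and SunX509 algorithm are taken from the config in the question.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example, not James/Avalon code. Class name, arguments and env vars are hypothetical.
public class MutualTlsSocketExample {
    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    static SSLServerSocket open(int port, KeyStore keyStore, char[] keyPassword,
                                KeyStore trustStore) throws Exception {
        // Keystore: only the server's private key and its certificate chain.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(keyStore, keyPassword);

        // Truststore: only the CA or client certificates accepted for client auth.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        SSLServerSocket socket =
            (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port);
        // "need" fails the handshake when no trusted client certificate is presented;
        // setWantClientAuth(true) would only request one and still accept the connection.
        socket.setNeedClientAuth(true);
        return socket;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java MutualTlsSocketExample <port> <keystore.jks> <truststore.jks>
        char[] ksPw = System.getenv("KEYSTORE_PASSWORD").toCharArray();
        char[] keyPw = System.getenv("PRIVATEKEY_PASSWORD").toCharArray();
        char[] tsPw = System.getenv("TRUSTSTORE_PASSWORD").toCharArray();
        try (SSLServerSocket s = open(Integer.parseInt(args[0]),
                loadJks(args[1], ksPw), keyPw, loadJks(args[2], tsPw))) {
            System.out.println("Client auth required: " + s.getNeedClientAuth());
        }
    }
}
```

With a single combined store, every trusted client certificate sits in the same file as the server's private key; keeping them apart lets the truststore be updated without touching the key material.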