Implementation of Client-side Authentication with Apache James

I am using Apache James as a mail server and I need to implement both client- and server-side authentication with X509 certificates.

The server side is pretty easy and only a matter of configuration in the config.xml - but how about client auth?

Is there a simple way of implementing this by config? In the sockets area of the config.xml I can set authenticate-client to true, but the James wiki says I am allowed to put only one certificate in the keystore provided under the keystore section:

    <factory name="ssl" class="org.apache.avalon.cornerstone.blocks.sockets.TLSServerSocketFactory">
        <authenticate-client>true</authenticate-client>
        <ssl-factory>
            <keystore>
                <file>conf/@KEYSTORE_FILENAME@</file>
                <password>@KEYSTORE_PASSWORD@</password>
                <key-password>@PRIVATEKEY_PASSWORD@</key-password>
                <type>JKS</type>
                <protocol>TLS</protocol>
                <algorithm>SunX509</algorithm>
            </keystore>
        </ssl-factory>
    </factory>

So if you have some recommendations on how to do this or know a tutorial that deals with this, I would really appreciate it if you could share it.

Thank you!


You can put all your certificates in the keystore if you like. But since I needed a clear separation of key- and truststore, I changed the sources of James so it was possible.

Unfortunately there is no simpler way of doing this.
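
The keystore/truststore separation mentioned in the answer, shown with the standard JSSE API as an added example; it is not code from James or from the answerer's modified sources. The file names, passwords and port are hypothetical, and both JKS files are assumed to exist.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.*;

public class MutualTlsServerSocket {

    // Load a JKS store from disk (same store type as in the config above).
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            store.load(in, password);
        }
        return store;
    }

    static SSLServerSocket open(int port) throws Exception {
        // Hypothetical passwords and file names; replace with your own.
        char[] keyStorePw = "changeit-keystore".toCharArray();
        char[] keyPw = "changeit-key".toCharArray();
        char[] trustStorePw = "changeit-truststore".toCharArray();

        // Keystore: only the server's own private key and certificate chain.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(load("conf/server-keystore.jks", keyStorePw), keyPw);

        // Truststore: only the CA or client certificates allowed to log in.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("conf/client-truststore.jks", trustStorePw));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        SSLServerSocket socket =
            (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port);
        // Equivalent of authenticate-client=true: the handshake fails unless the
        // client presents a certificate that chains to a truststore entry.
        socket.setNeedClientAuth(true);
        return socket;
    }

    public static void main(String[] args) throws Exception {
        try (SSLServerSocket socket = open(4465)) { // hypothetical port
            System.out.println("needClientAuth=" + socket.getNeedClientAuth());
        }
    }
}
```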
