Implementation of Clientside Authentification with Apache James

i am using Apache james as a mailserver and i need to implement both side Client- and Serverside Authentification with X509 certificates.

The serverside is pretty easy and only a matter of configuration in the config.xml - but how about clientauth?

Is there a simple way of implementing this by config? In the sockets-Area of the config.xml i can set the authenticate-client to true, but the James wiki says i am only allowed to put only one certificate in the keystore provided under the keystore-section:

 <factory name="ssl" class="org.apache.avalon.cornerstone.blocks.sockets.TLSServerSocketFactory">
        <authenticate-client>true</authenticate-client>
        <ssl-factory>
           <keystore>
              <file>conf/@KEYSTORE_FILENAME@</file>
              <password>@KEYSTORE_PASSWORD@</password>
              <key-password>@PRIVATEKEY_PASSWORD@</key-password>
              &开发者_开发知识库lt;type>JKS</type>
              <protocol>TLS</protocol>
              <algorithm>SunX509</algorithm>
           </keystore>
        </ssl-factory>
     </factory>

So if you have some recommendations on how to do this or know a tutorial that deals with this, i would really appreciate if you could share it.

Thank you!

You can put all your certificates in the keystore if you like. But since i needed a clear sepparation of key- and truststore i changed the sources of james so it was possible.

Unfortunately there is no simpler way of doing this.