| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <html> |
| <head> |
| <title>James Server - James 2.3 - Using TLS</title> |
| <style type="text/css" media="all"> |
| @import url("./css/maven-base.css"); |
| @import url("./css/maven-theme.css"); |
| @import url("./css/site.css"); |
| </style> |
| <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" /> |
| <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> |
| </head> |
| <body class="composite"> |
| <div id="breadcrumbs"> |
| <div class="xleft"> |
| Last Published: 09/02/2009 |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| </div> |
| <div id="bodyColumn"> |
| <div id="contentBox"> |
| |
| |
| |
| |
| |
| |
| <a name="James 2.3 - Using TLS"></a><div class="section"><h2>James 2.3 - Using TLS</h2> |
| |
| <p> |
| This document explains how to enable James 2.3 services to use Transport Layer Security (TLS) for encrypted client-server communication.</p> |
| |
| <a name="Making TLS/SSL Server Sockets Available Inside James"></a><div class="section"><h3>Making TLS/SSL Server Sockets Available Inside James</h3> |
| <p>James uses the Sun Java Secure Socket Extension (JSSE) infrastructure to provide TLS/SSL |
| sockets. JSSE comes packaged with several vendor Java distributions (e.g. Sun Java 1.4.x, |
| IBM Java 1.3.x). For these distributions, please follow the vendor-provided instructions for |
| configuring the JVM to use JSSE services.</p> |
| |
| <p>If you are using a Java distribution that does not include JSSE, you will need to |
| download the JSSE package separately. It can be obtained from |
| <a href="http://java.sun.com/products/jsse">Sun's JSSE page</a>. Please follow Sun's instructions for installation |
| and configuration of JSSE.</p> |
| <p>In either case, you will need to statically define a JSSE TLS provider. In general, this |
| is the default installation.</p> |
| <p>Once you've installed JSSE, James still needs to be configured to take advantage of the JSSE |
| functionality.</p> |
| </div> |
| <a name="Certificate Keystores"></a><div class="section"><h3>Certificate Keystores</h3> |
| <p>To use TLS/SSL inside James you will need a certificate keystore.</p> |
| </div> |
| <a name="Configuring the Server Socket Factory"></a><div class="section"><h3>Configuring the Server Socket Factory</h3> |
| <p>The out-of-the-box configuration file already contains a template for the SSL configuration. Specifically, |
| in the sockets block, under the server-sockets element, there is a commented-out factory with the |
| name "ssl". The first step in configuring the server socket factory is to uncomment this element.</p> |
| <p>The factory element contains several children. Of these, it should only be necessary to adjust two or three children.</p> |
| <p>The required file element specifies the location of the keystore to be used by the factory. This is specified |
| as a file path using Unix-style formatting. The path is taken to be relative to the apps/james/ subdirectory of |
| the application installation directory unless an absolute path is specified.</p> |
| <p>The required password element should be set to the keystore password. This password should have been specified |
| when the keystore was created, and it is needed to open the keystore. Because the password is stored in the |
| configuration file, restrict read access to that file.</p> |
| <p>Finally, it may be necessary to adjust the type element. This element can take on any keystore type |
| supported by the JSSE provider being used (see the JSSE documentation for details). The out-of-the-box |
| configuration specifies JKS (Java Keystore).</p> |
| <p>The remaining children should not need to be deleted or adjusted.</p> |
| </div> |
| <a name="Configuring a Service to Use TLS"></a><div class="section"><h3>Configuring a Service to Use TLS</h3> |
| <p>Each of the services - <a href="smtp_configuration.html">SMTP</a>, |
| <a href="pop3_configuration.html">POP3</a>, <a href="nntp_configuration.html">NNTP</a>, |
| and <a href="remotemanager_configuration.html">RemoteManager</a> - supports use of TLS. Each of |
| these services has an optional boolean configuration element <b>useTLS</b> which is used to toggle |
| use of TLS for the service. When this value is set to true, that particular service will use the "ssl" |
| server socket factory to spawn server sockets.</p> |
| </div> |
| <a name="Verifying a TLS-enabled James Service"></a><div class="section"><h3>Verifying a TLS-enabled James Service</h3> |
| <p>After you've configured a particular service to use TLS/SSL connections, the service port |
| should no longer accept unencrypted TCP/IP connections. This can be tested by using a telnet |
| client to directly connect to the service port. The telnet connection should simply hang until |
| the client times out.</p> |
| <p> |
| To validate that the port is properly accepting SSL connections, an SSL client can be used to |
| open a connection to the service port. One such client is OpenSSL, available from the |
| <a href="http://www.openssl.org">OpenSSL web site</a>. Follow the instructions provided with |
| the SSL client to create a connection to the service port. Upon connection, the usual |
| service greeting should appear.</p> |
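<p>Added example (not part of the original James documentation): a Python script that automates both checks described above, treating a read timeout on the unencrypted connection as the "telnet hangs" case and then reading the service greeting over TLS. The function names and the optional <code>cafile</code> argument (a PEM copy of the keystore certificate or its CA) are assumptions made for this example.</p>

```python
import socket
import ssl
import sys

def plaintext_probe(host, port, timeout=5.0):
    """Connect without TLS, as a telnet client would, and report whether the
    service volunteers a greeting, closes the connection, or stays silent."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            data = sock.recv(512)
        except socket.timeout:
            return ("silent", "")      # the "telnet hangs" case from the text
        except ConnectionResetError:
            return ("closed", "")
    if not data:
        return ("closed", "")
    return ("greeting", data.decode("ascii", "replace").strip())

def tls_probe(host, port, timeout=5.0, cafile=None):
    """Start TLS from the first byte and return (protocol version, greeting).
    cafile: PEM copy of the server certificate or its CA (hypothetical path),
    so a self-signed keystore certificate is verified rather than ignored."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            greeting = tls.recv(512).decode("ascii", "replace").strip()
            return (tls.version(), greeting)

def check_service(host, port, timeout=5.0, cafile=None):
    """Combine both probes into one verdict line for a useTLS=true port."""
    state, text = plaintext_probe(host, port, timeout)
    if state == "greeting":
        return "PLAINTEXT: port answered an unencrypted client: " + text
    try:
        version, greeting = tls_probe(host, port, timeout, cafile)
    except (ssl.SSLError, OSError) as exc:
        return "NO-TLS: plaintext probe was %s, but TLS failed: %s" % (state, exc)
    return "TLS-OK: %s, greeting: %s" % (version, greeting)

if __name__ == "__main__":
    # Usage: python check_tls.py HOST PORT [CAFILE]
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    print(check_service(sys.argv[1], int(sys.argv[2]), cafile=cafile))
```

<p>A <code>PLAINTEXT</code> verdict means the service is still greeting unencrypted clients, so its <code>useTLS</code> setting has not taken effect; <code>NO-TLS</code> means the port is silent to plaintext but the handshake or certificate verification failed.</p>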
| </div> |
| </div> |
| |
| |
| |
| </div> |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| <div id="footer"> |
| <div class="xright">© 2002-2009 The Apache Software Foundation |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| </div> |
| </body> |
| </html> |