<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>James Server - James 2.3 - Using TLS</title>
<style type="text/css" media="all">
@import url("./css/maven-base.css");
@import url("./css/maven-theme.css");
@import url("./css/site.css");
</style>
<link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
</head>
<body class="composite">
<div id="breadcrumbs">
<div class="xleft">
Last Published: 09/02/2009
</div>
<div class="clear">
<hr/>
</div>
</div>
<div id="bodyColumn">
<div id="contentBox">
<a name="James 2.3 - Using TLS"></a><div class="section"><h2>James 2.3 - Using TLS</h2>
<p>
This document explains how to enable James 2.3 services to use Transport Layer Security (TLS) for encrypted client-server communication.</p>
<a name="Making TLS/SSL Server Sockets Available Inside James"></a><div class="section"><h3>Making TLS/SSL Server Sockets Available Inside James</h3>
<p>James uses the Sun Java Secure Sockets Extension (JSSE) infrastructure to provide TLS/SSL
sockets. JSSE comes packaged with several vendor Java distributions (e.g. Sun Java 1.4.x,
IBM Java 1.3.x). For these distributions, please follow the vendor-provided instructions for
configuring the JVM to use JSSE services.</p>
<p>If you are using a Java distribution that does not include JSSE as part of the
distribution you will need to download the JSSE package separately. It can be obtained from
<a href="http://java.sun.com/products/jsse">here</a>. Please follow Sun's instructions for installation
and configuration of JSSE.</p>
<p>In either case, you will need to statically define a JSSE TLS provider. In general, the
default installation already does this.</p>
<p>Once you've installed JSSE, James still needs to be configured to take advantage of the JSSE
functionality.</p>
</div>
<a name="Certificate Keystores"></a><div class="section"><h3>Certificate Keystores</h3>
<p>To use TLS/SSL inside James you will need a certificate keystore.</p>
</div>
<a name="Configuring the Server Socket Factory"></a><div class="section"><h3>Configuring the Server Socket Factory</h3>
<p>The out-of-the-box configuration file already contains a template for the SSL configuration. Specifically,
in the sockets block, under the server-sockets element, there is a commented-out factory with the
name &quot;ssl&quot;. The first step in configuring the server socket factory is to uncomment this element.</p>
<p>The factory element contains several children. Of these, only two or three should need to be adjusted.</p>
<p>The required file element specifies the location of the keystore to be used by the factory. This is specified
as a file path using Unix-style formatting. The path is taken to be relative to the apps/james/ subdirectory of
the application installation directory unless an absolute path is specified.</p>
<p>The password element should be set to the keystore password. This password was specified when the
keystore was created, and it is needed to open the keystore. This value is required.</p>
<p>Finally, it may be necessary to adjust the type element. This element can take on any keystore type
supported by the JSSE provider being used (see the JSSE documentation for details). The out of the box
configuration specifies JKS (Java Keystore).</p>
<p>The remaining children should not need to be deleted or adjusted.</p>
</div>
<a name="Configuring a Service to Use TLS"></a><div class="section"><h3>Configuring a Service to Use TLS</h3>
<p>Each of the services - <a href="smtp_configuration.html">SMTP</a>,
<a href="pop3_configuration.html">POP3</a>, <a href="nntp_configuration.html">NNTP</a>,
and <a href="remotemanager_configuration.html">RemoteManager</a> - supports use of TLS. Each of
these services has an optional boolean configuration element <b>useTLS</b> which toggles TLS
for that service. When this value is set to true, that particular service uses the &quot;ssl&quot;
server socket factory to spawn its server sockets.</p>
</div>
<a name="Verifying a TLS-enabled James Service"></a><div class="section"><h3>Verifying a TLS-enabled James Service</h3>
<p>After you've configured a particular service to use TLS/SSL connections, the service port
should no longer accept unencrypted TCP/IP connections. This can be tested by using a telnet
client to directly connect to the service port. The telnet connection should simply hang until
the client times out.</p>
<p>
To validate that the port is properly accepting SSL connections an SSL client can be used to
open a connection to the service port. One such client is OpenSSL, available from the
<a href="http://www.openssl.org">OpenSSL web site</a>. Follow the instructions provided with
the SSL client to create a connection to the service port. Upon connection, the usual
service greeting should appear.</p>
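The two checks described above, written out as an added example that is not part of the James documentation: probe_plain() mirrors the telnet test (a TLS-only port should send nothing in the clear) and probe_tls() mirrors the OpenSSL test, reading the service greeting only after a handshake in which the server certificate is verified against cafile (or the system CAs). start_fake_service() is a constructed local stand-in, not James, included only so the code runs offline; host, port and cafile are assumed parameters.

```python
import socket
import ssl
import threading

def _read_line(sock, timeout):
    """Read one line; None if the peer sends nothing before the timeout (or just closes)."""
    sock.settimeout(timeout)
    buf = b""
    try:
        while not buf.endswith(b"\n"):
            chunk = sock.recv(512)
            if not chunk:
                break
            buf += chunk
    except socket.timeout:
        pass
    return buf or None

def probe_plain(host, port, timeout=3.0):
    """The 'telnet' check: a TLS-only port sends no greeting in the clear, so this returns None."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return _read_line(s, timeout)

def probe_tls(host, port, cafile=None, timeout=3.0):
    """The 'openssl s_client' check, with the certificate verified against cafile (or system CAs)."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                greeting = _read_line(tls, timeout)
                return ("ok", greeting) if greeting else ("error", "no greeting after handshake")
    except ssl.SSLError as e:
        return ("error", "handshake failed: %s" % (e.reason or e))
    except OSError as e:
        return ("error", str(e))

def start_fake_service(banner, conns=2):
    """Constructed stand-in (not James): sends `banner` in the clear, or nothing at all if None."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    held = []  # keep accepted sockets open so a client that waits simply hangs, as the page describes
    def serve():
        for _ in range(conns):
            c, _addr = srv.accept()
            held.append(c)
            if banner:
                c.sendall(banner)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

Against a correctly configured James port, probe_plain() returns None and probe_tls() returns ("ok", greeting); a plaintext greeting from probe_plain() means useTLS did not take effect for that service.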
</div>
</div>
</div>
</div>
<div class="clear">
<hr/>
</div>
<div id="footer">
<div class="xright">&#169;
2002-2009
The Apache Software Foundation
</div>
<div class="clear">
<hr/>
</div>
</div>
</body>
</html>