
I am using Apache James as a mail server and I need to implement both client- and server-side authentication with X509 certificates.

The serverside is pretty easy and only a matter of configuration in the config.xml - but how about clientauth?

Is there a simple way of implementing this by config? In the sockets area of the config.xml I can set authenticate-client to true, but the James wiki says I am only allowed to put one certificate in the keystore provided under the keystore section:

    <factory name="ssl" class="org.apache.avalon.cornerstone.blocks.sockets.TLSServerSocketFactory">
       <authenticate-client>true</authenticate-client>
       <ssl-factory>
          <keystore>
             <file>conf/@KEYSTORE_FILENAME@</file>
             <password>@KEYSTORE_PASSWORD@</password>
             <key-password>@PRIVATEKEY_PASSWORD@</key-password>
             <type>JKS</type>
             <protocol>TLS</protocol>
             <algorithm>SunX509</algorithm>
          </keystore>
       </ssl-factory>
    </factory>

So if you have some recommendations on how to do this or know a tutorial that deals with this, I would really appreciate it if you could share it.

Thank you!

Sebastian
  • Turns out the above described way works fine, just had some certificate issues! – Sebastian Oct 21 '11 at 06:23
  • Can you please post an answer to the question yourself and then accept that answer? Also, you need to accept answers to previous questions if they fix your problem. – Zecas May 17 '12 at 16:08

1 Answer

You can put all your certificates in the keystore if you like. But since I needed a clear separation of key- and truststore, I changed the sources of James so it was possible.

Unfortunately there is no simpler way of doing this.

Sebastian
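The keystore/truststore separation mentioned in the answer, shown with the standard JSSE API as an added example; this is not code from the post or from the James sources. The class name, method names and the command-line arguments (port, store paths, passwords) are assumptions of this example.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.*;

public class MutualTlsServerSocket {

    // Load a JKS store (the <type> used in the question's config) from a file.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            store.load(in, password);
        }
        return store;
    }

    static SSLServerSocket open(int port, KeyStore keyStore, char[] keyPassword,
                                KeyStore trustStore) throws Exception {
        // Server identity: private key and certificate chain come from the keystore only.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(keyStore, keyPassword);

        // Client validation: a client chain must lead to an entry in the truststore.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        SSLServerSocket socket =
                (SSLServerSocket) context.getServerSocketFactory().createServerSocket(port);
        // "need" aborts the handshake when the client presents no trusted certificate;
        // setWantClientAuth(true) would only request one and still accept the client.
        socket.setNeedClientAuth(true);
        return socket;
    }

    // Arguments (all assumptions of this example):
    // <port> <keystore.jks> <store-password> <key-password> <truststore.jks> <trust-password>
    public static void main(String[] args) throws Exception {
        KeyStore keys = load(args[1], args[2].toCharArray());
        KeyStore trust = load(args[4], args[5].toCharArray());
        try (SSLServerSocket socket = open(Integer.parseInt(args[0]), keys,
                                           args[3].toCharArray(), trust)) {
            System.out.println("needClientAuth=" + socket.getNeedClientAuth());
        }
    }
}
```

Passwords given as arguments are visible in the process list, so a deployment would read them from protected configuration instead.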