Author: eric
Date: Tue Jun 14 09:14:38 2011
New Revision: 1135424

URL: http://svn.apache.org/viewvc?rev=1135424&view=rev
Log:
Document how to test SSL (JAMES-1219)

Modified: james/server/trunk/src/site/xdoc/config-ssl-tls.xml Modified: james/server/trunk/src/site/xdoc/config-ssl-tls.xml URL: http://svn.apache.org/viewvc/james/server/trunk/src/site/xdoc/config-ssl-tls.xml?rev=1135424&r1=1135423&r2=1135424&view=diff ============================================================================== --- james/server/trunk/src/site/xdoc/config-ssl-tls.xml (original) +++ james/server/trunk/src/site/xdoc/config-ssl-tls.xml Tue Jun 14 09:14:38 2011 @@ -85,12 +85,13 @@ <p>To use TLS/SSL inside James you will need a certificate keystore.</p> <p></p> - <p><b>Preparing the Certificate Keystore</b></p> + + <p><b>Creating your own Certificate Keystore</b></p> <p>(Adapted from the Tomcat 4.1 documentation)</p> <p>James currently operates only on JKS format keystores. This is Java's standard "Java KeyStore" format, and is the format created by the keytool command-line utility. This tool is included in the JDK.</p> <p>To import an existing certificate into a JKS keystore, please read the documentation (in your JDK documentation package) about keytool.</p> <p>To create a new keystore from scratch, containing a single self-signed Certificate, execute the following from a terminal command line:</p> - <p>keytool -genkey -alias james -keyalg RSA -keystore your_keystore_filename</p> + <p><code>keytool -genkey -alias james -keyalg RSA -keystore your_keystore_filename</code></p> <p>(The RSA algorithm should be preferred as a secure algorithm, and this also ensures general compatibility with other servers and components.)</p> <p>As a suggested standard, create the keystore in the james/conf directory, with a name like james.keystore.</p> <p>After executing this command, you will first be prompted for the keystore password.</p> 
@@ -100,7 +101,8 @@ <p>If everything was successful, you now have a keystore file with a Certificate that can be used by your server.</p> <p>You MUST have only one certificate in the keystore file used by James.</p> <p></p> - <p><b>Installing a Certificate from a Certificate Authority</b></p> + + <p><b>Installing a Certificate provided by a Certificate Authority</b></p> <p>(Adapted from the Tomcat 4.1 documentation</p> <p>To obtain and install a Certificate from a Certificate Authority (like verisign.com, thawte.com or trustcenter.de) you should have read the previous section and then follow these instructions:</p> <p>Create a local Certificate Signing Request (CSR)</p> @@ -138,6 +140,17 @@ <a href="http://www.openssl.org">OpenSSL web site</a>. Follow the instructions provided with the SSL client to create a connection to the server port. Upon connection, the usual server greeting should appear.</p> + + <source> +/usr/bin/openssl s_client -quiet -connect localhost:465 +depth=0 /C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=Unknown +verify error:num=18:self signed certificate +verify return:1 +depth=0 /C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=Unknown +verify return:1 +220 192.168.0.208 SMTP Server (JAMES SMTP Server) ready Thu, 9 Jun +2011 20:31:07 +0200 (CEST) +</source> </subsection>
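
Review bot: In the @@ -85,12 +85,13 @@ hunk, the command now wrapped in `<code>`, `keytool -genkey -alias james -keyalg RSA -keystore your_keystore_filename`, still leaves key size and certificate lifetime to whatever keytool defaults to on the reader's JDK. Since the line is being touched anyway, consider adding explicit `-keysize` and `-validity` options so the generated self-signed certificate does not vary between installations. As a style point, this hunk marks the command up as `<p><code>` while the @@ -138,6 +140,17 @@ hunk uses `<source>` for its command; one convention for command lines would read more consistently.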
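
Review bot: In the @@ -100,7 +101,8 @@ hunk, the context line directly under the renamed heading, `<p>(Adapted from the Tomcat 4.1 documentation</p>`, is missing its closing parenthesis (the matching line in the first hunk has it); it is worth fixing in the same commit since the heading above it is being edited. The added blank line also sits next to an empty `<p></p>` that is only acting as a spacer; dropping the empty paragraph would be cleaner than keeping both.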
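
Review bot: In the @@ -138,6 +140,17 @@ hunk, the sample output includes `verify error:num=18:self signed certificate` with no accompanying explanation, so a reader may either conclude the test failed or learn to ignore verification errors in general. Add a sentence after the `<source>` block saying this error is expected only with the self-signed keystore created in the earlier section, and that with a CA-issued certificate the check should be repeated with `-CAfile` pointing at the CA bundle and should complete without a verify error. Also, the greeting is split across two added lines (`... ready Thu, 9 Jun` / `2011 20:31:07 +0200 (CEST)`), which looks like mail-client wrapping carried into the `<source>` block; join them so the transcript matches what the server actually prints.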