james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefano Bagnara <apa...@bago.org>
Subject Re: Setting up the server for TLS.
Date Wed, 02 Jul 2008 13:53:45 GMT
Rick McGuire ha scritto:
> Stefano Bagnara wrote:
>> Rick McGuire ha scritto:
>>> Thanks Stefano, that helped.  I'm getting closer, but I'm still 
>>> having a problem.  I created the server cert using the directions you 
>>> pointed me toward, and added the cert to the truststore using the 
>>> directions I found here:
>>>
>>> http://www.site.uottawa.ca/~lpeyton/csi5389genkeystore.html
>>>
>>> Now I'm getting an error on the server when I try to connect.  See 
>>> the log at the end.  I'm running this on
>>>
>>> java version "1.5.0_11"
>>> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_11-b03)
>>> Java HotSpot(TM) Client VM (build 1.5.0_11-b03, mixed mode)
>>>
>>> Which I've used for successful SSL connections to other servers, so I 
>>> suspect the problem is in either the server configuration or the cert 
>>> I added to the truststore.  I'm sort of hit a dead end at this point, 
>>> so any assistance is very much appreciated.
>>
>> Hi Rick,
>>
>> the jce lib you copy to JAMES_HOME/lib have to be the same of the JVM 
>> you use to run JAMES.
>> So if you want to run JAMES with java 1.5 you will also have to 
>> replace your 1.4 JCE in JAMES_HOME/lib with the 1.5 JCE.
>>
>> Not sure this is your issue, let me know.
> I'm not sure I understand this....I didn't copy any JCE to the 
> JAMES_HOME/lib directory.  However, I just went and double checked, and 
> the JVM version that worked was not 1.4.2 like I believed, but rather 
> 1.6.  Is the JCE included in 1.4.2, but not in 1.6?
> Rick

I don't use SSL, but AFAIK you have to copy the JCE from the JRE you use 
to run JAMES as described in the config.xml:
<!-- JAMES TLS uses JSSE. This means that for many Sun JVMs,
    the sunjce_provider.jar must be copied from $JAVA_HOME/lib/ext
    into $JAMES_HOME/lib. It may also be necessary to download and
    install unlimited strength policies. -->
<!--
<useTLS>true</useTLS>
-->
<!-- Use provider elements to specify additional JCE providers.
  The jars should be put into $JAMES_HOME/lib.
    For example, Uncomment this if you want to use
    BouncyCastle JCE (http://www.bouncycastle.org)
<provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider> -->

I think this is true at least for java2 1.4 and java5... let us know,
Stefano

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org


Mime
View raw message