james-server-dev mailing list archives

From "Robert Burrell Donkin" <robertburrelldon...@gmail.com>
Subject Re: Setting up the server for TLS.
Date Wed, 02 Jul 2008 20:44:28 GMT
On Wed, Jul 2, 2008 at 2:53 PM, Stefano Bagnara <apache@bago.org> wrote:
> Rick McGuire wrote:
>>
>> Stefano Bagnara wrote:
>>>
>>> Rick McGuire wrote:
>>>>
>>>> Thanks Stefano, that helped.  I'm getting closer, but I'm still having a
>>>> problem.  I created the server cert using the directions you pointed me
>>>> toward, and added the cert to the truststore using the directions I found
>>>> here:
>>>>
>>>> http://www.site.uottawa.ca/~lpeyton/csi5389genkeystore.html
>>>>
>>>> Now I'm getting an error on the server when I try to connect.  See the
>>>> log at the end.  I'm running this on
>>>>
>>>> java version "1.5.0_11"
>>>> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_11-b03)
>>>> Java HotSpot(TM) Client VM (build 1.5.0_11-b03, mixed mode)
>>>>
>>>> Which I've used for successful SSL connections to other servers, so I
>>>> suspect the problem is in either the server configuration or the cert I
>>>> added to the truststore.  I've sort of hit a dead end at this point, so any
>>>> assistance is very much appreciated.
>>>
>>> Hi Rick,
>>>
>>> The JCE lib you copy to JAMES_HOME/lib has to be the same as that of the JVM you
>>> use to run JAMES.
>>> So if you want to run JAMES with java 1.5 you will also have to replace
>>> your 1.4 JCE in JAMES_HOME/lib with the 1.5 JCE.
>>>
>>> Not sure this is your issue, let me know.
>>
>> I'm not sure I understand this....I didn't copy any JCE to the
>> JAMES_HOME/lib directory.  However, I just went and double checked, and the
>> JVM version that worked was not 1.4.2 like I believed, but rather 1.6.  Is
>> the JCE included in 1.4.2, but not in 1.6?
>> Rick
>
> I don't use SSL, but AFAIK you have to copy the JCE from the JRE you use to
> run JAMES as described in the config.xml:
> <!-- JAMES TLS uses JSSE. This means that for many Sun JVMs,
>   the sunjce_provider.jar must be copied from $JAVA_HOME/lib/ext
>   into $JAMES_HOME/lib. It may also be necessary to download and
>   install unlimited strength policies. -->
> <!--
> <useTLS>true</useTLS>
> -->
> <!-- Use provider elements to specify additional JCE providers.
>  The jars should be put into $JAMES_HOME/lib.
>   For example, Uncomment this if you want to use
>   BouncyCastle JCE (http://www.bouncycastle.org)
> <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider> -->
>
> I think this is true at least for java2 1.4 and java5... let us know,

Bouncy Castle is a much better bet for JVM independence: IIRC the JCE
characteristics seem to vary widely with different Sun releases

- robert
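
A diagnostic for the provider mismatch discussed in this thread, added here as an example and not code from JAMES or from any of the posters: it lists the JCE providers the running JVM loaded, where each one came from, and whether the unlimited strength policy is in effect. The class name `JceProviderCheck` and the comparison against `java.home` are assumptions of this example; run it with the same JVM and classpath used to start JAMES.

```java
import java.io.File;
import java.net.URL;
import java.security.CodeSource;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

public class JceProviderCheck {

    // True when a provider jar was loaded from a file outside the running JRE,
    // e.g. a sunjce_provider.jar copied from another Java release.
    static boolean outsideJavaHome(URL location, String javaHome) {
        if (location == null || !"file".equals(location.getProtocol())) {
            return false; // built into the runtime, nothing to compare
        }
        try {
            String jar = new File(location.toURI()).getCanonicalPath();
            String home = new File(javaHome).getCanonicalPath();
            return !jar.startsWith(home);
        } catch (Exception e) {
            return false; // location could not be mapped to a path
        }
    }

    public static void main(String[] args) throws Exception {
        String javaHome = System.getProperty("java.home");
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + javaHome);

        for (Provider p : Security.getProviders()) {
            CodeSource src = p.getClass().getProtectionDomain().getCodeSource();
            URL location = (src == null) ? null : src.getLocation();
            System.out.println(p + "  <-  " + (location == null ? "(runtime)" : location));
            // Only Sun's own providers are expected to live under java.home;
            // a third-party provider such as Bouncy Castle legitimately does not.
            if (p.getName().startsWith("Sun") && outsideJavaHome(location, javaHome)) {
                System.out.println("  WARNING: loaded from outside java.home");
            }
        }

        // 128 on JVMs running with limited policy files, Integer.MAX_VALUE when unlimited
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key length = "
                + (maxAes == Integer.MAX_VALUE ? "unlimited" : String.valueOf(maxAes)));
    }
}
```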
