Question

I've downloaded Apache James 2.3.2. At the moment I just want to get it working on localhost with SSL encryption (but I know very little about SSL). Initially I managed to get it running, create accounts (by running james-2.3.2/bin/run.bat) and connect to these accounts using the Mozilla Thunderbird mail client. The trouble comes when I try to create a self-signed SSL certificate. I have tried two different methods.

  1. running keytool -genkeypair creates a keystore in .keystore in my home directory and

  2. running keytool -genkeypair -alias certificate -keystore my_keystore.pfx -storepass password -validity 365 -keyalg RSA -keysize 2048 -storetype pkcs12 creates a keystore in my_keystore.pfx.

james-2.3.2 will accept the .keystore but Thunderbird won't and Thunderbird will accept my_keystore.pfx but James throws exceptions. I think the error might be in the james-2.3.2/apps/james/SAR-INF/conf.xml file.

<sockets>
  <server-sockets>
    <factory name="plain" class="org.apache.avalon.cornerstone.blocks.sockets.DefaultServerSocketFactory"/>
    <factory name="ssl" class="org.apache.avalon.cornerstone.blocks.sockets.TLSServerSocketFactory">
      <ssl-factory>
        <keystore>
          <file>conf/my_keystore.pfx</file>
          <password>password</password>
          <key-password>password</key-password>
          <type>PKCS12</type>
          <protocol>TLS</protocol>
          <algorithm>SHA256withRSA</algorithm>
          <authenticate-client>false</authenticate-client>
        </keystore>
      </ssl-factory>
    </factory>
  </server-sockets>

When I try to run James again from the batch file I get NoSuchAlgorithmException. I have tried using all sorts for the algorithm tag instead of SHA256withRSA but nothing seems to work. If anyone knows the answer I'd be grateful. Also, if anyone knows how to turn on the logging so I can see it in the log file, that too would be helpful.

Solution

sunjce_provider.jar has to be copied from the JRE lib folder to the lib folder in James. James will then accept the .pfx file if the algorithm tag is left as the default SunX509. I spotted this nugget of information in the comments of the config xml file.
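
The following diagnostic is an added example, not code from the original post or from James/Avalon. It walks the JSSE steps that the `<keystore>` values (file, password, key-password, type, protocol, algorithm) feed and reports the first step that fails, assuming the `<algorithm>` value is handed to `KeyManagerFactory.getInstance`, which is consistent with the SunX509 default; the class name `KeystoreConfigCheck` and the `check` helper are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Added diagnostic, not James or Avalon code. ASSUMPTION: the <algorithm> tag
// is used as the KeyManagerFactory algorithm name.
public class KeystoreConfigCheck {

    // Returns "ok", or the first JSSE step that failed together with its exception.
    static String check(String file, String type, String password,
                        String keyPassword, String protocol, String algorithm) {
        String step = "KeyStore.getInstance(" + type + ")";
        try {
            KeyStore ks = KeyStore.getInstance(type);
            step = "KeyStore.load";
            if (file == null) {
                ks.load(null, null); // constructed input: empty in-memory keystore
            } else {
                try (InputStream in = new FileInputStream(file)) {
                    ks.load(in, password.toCharArray());
                }
            }
            step = "KeyManagerFactory.getInstance(" + algorithm + ")";
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
            step = "KeyManagerFactory.init";
            kmf.init(ks, keyPassword.toCharArray());
            step = "SSLContext.getInstance(" + protocol + ")";
            SSLContext ctx = SSLContext.getInstance(protocol);
            ctx.init(kmf.getKeyManagers(), null, null);
            return "ok";
        } catch (Exception e) {
            return step + " failed: " + e;
        }
    }

    public static void main(String[] args) {
        // Optional arguments: <keystore file> <store password> <key password>
        String file = args.length > 0 ? args[0] : null;
        String pass = args.length > 1 ? args[1] : "password";
        String keyPass = args.length > 2 ? args[2] : pass;
        // Candidate values for the <algorithm> tag.
        String[] algorithms = {"SunX509", "PKIX", "SHA256withRSA"};
        for (String alg : algorithms) {
            System.out.println(alg + " -> "
                + check(file, "PKCS12", pass, keyPass, "TLS", alg));
        }
    }
}
```

SHA256withRSA is a signature algorithm name, not a KeyManagerFactory algorithm, so it stops at the `KeyManagerFactory.getInstance` step with NoSuchAlgorithmException regardless of which keystore file is supplied.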

Licensed under: CC-BY-SA with attribution