Uploaded image for project: 'James Server'
  1. James Server
  2. JAMES-3673

Separate trust store for S3

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • master
    • 3.7.0
    • Blob
    • None

    Description

      Since James supports S3 blob storage access via HTTPS, it should be possible to configure a specific trust store for validating the S3 server certificate. This lets users "pin" the server certificate, and better separate the trust realms of infrastructure and public services (SMTP, IMAP etc.).

      This can be achieved in blob.properties with the usual set of configuration options for such cases, such as:

      objectstorage.s3.truststore.path=/conf/s3trust.p12
      objectstorage.s3.truststore.type=PKCS12
      objectstorage.s3.truststore.secret=yoursecret
      objectstorage.s3.truststore.algorithm=SunX509 

      T-Shirt size M.

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            kotto Karsten Otto
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 0.5h
                0.5h

                Slack

                  Issue deployment