Description
Since James supports S3 blob storage access via HTTPS, it should be possible to configure a specific trust store for validating the S3 server certificate. This lets users "pin" the server certificate, and better separate the trust realms of infrastructure and public services (SMTP, IMAP etc.).
This can be achieved in blob.properties with the usual set of configuration options for such cases, such as:
objectstorage.s3.truststore.path=/conf/s3trust.p12 objectstorage.s3.truststore.type=PKCS12 objectstorage.s3.truststore.secret=yoursecret objectstorage.s3.truststore.algorithm=SunX509
T-Shirt size M.
Attachments
Issue Links
- links to