Creating Java KeyStore from X.509 certificate
Posted on Friday Feb 06, 2015 at 10:00PM in Technology
Environment
- Oracle JDK 8u20
- OpenSSL 0.9.8zc 15 Oct 2014
- A certificate bought from RapidSSL
Files
- key.pem: Private key (created with the openssl command as I wrote in the previous posting)
- certificate.txt: Certificate sent by the seller via email
- intermediate_ca.txt: Intermediate CA sent by the seller via email
Create CAFile
curl -O https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
cat intermediate_ca.txt ca-bundle.crt > allcacerts.crt
Create PKCS12 key store
openssl pkcs12 -export -chain -CAfile allcacerts.crt -in certificate.txt -inkey key.pem -out mykeystore.pkcs12 -name java
Create Java KeyStore
keytool -importkeystore -srckeystore mykeystore.pkcs12 -srcstoretype pkcs12 -srcalias java -destkeystore mykeystore.jks -deststoretype jks -destalias mykey
Show list of entries in key store
keytool -v -list -storetype jks -keystore mykeystore.jks
Now mykeystore.jks is usable by applications built on Java.
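The pkcs12 export with -chain can only build the chain if allcacerts.crt holds every CA between the certificate and a root, and the keystore is only usable if key.pem belongs to certificate.txt. The script below is an added example, not part of the original post: it runs both checks against a throwaway root, intermediate and leaf that it constructs itself. The function names and the demo-*.invalid subjects are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: checks to run before `openssl pkcs12 -export -chain`.
# Every key and certificate here is constructed, throwaway test data.

# True when RSA private key $1 and certificate $2 share the same modulus.
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when certificate $2 verifies using only the CAs in bundle $1.
# Success is read from the ": OK" line that `openssl verify` prints.
chain_is_complete() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Build a constructed root -> intermediate -> leaf hierarchy in directory $1
# and an allcacerts.crt laid out like the one in the post.
make_demo_pki() {
    ( cd "$1" || exit 1
      printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
      for n in root inter leaf; do
          openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" \
              -out "$n.csr" -subj "/CN=demo-$n.invalid" 2>/dev/null || exit 1
      done
      openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
          -days 2 -out root.crt 2>/dev/null &&
      openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key \
          -set_serial 2 -extfile ca.ext -days 2 -out inter.crt 2>/dev/null &&
      openssl x509 -req -in leaf.csr -CA inter.crt -CAkey inter.key \
          -set_serial 3 -days 2 -out leaf.crt 2>/dev/null &&
      cat inter.crt root.crt > allcacerts.crt )
}

# Run every check once and print a verdict for each.
demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || return 1
    key_matches_cert "$d/leaf.key" "$d/leaf.crt" && echo "leaf.key + leaf.crt: match"
    key_matches_cert "$d/inter.key" "$d/leaf.crt" || echo "inter.key + leaf.crt: mismatch"
    chain_is_complete "$d/allcacerts.crt" "$d/leaf.crt" && echo "full bundle: chain verifies"
    chain_is_complete "$d/root.crt" "$d/leaf.crt" || echo "root only: chain incomplete"
    rm -rf "$d"
}

demo
```

With the files from the post, the same two calls are key_matches_cert key.pem certificate.txt and chain_is_complete allcacerts.crt certificate.txt.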
Tags: ssl
Obtaining an SSL certificate
Posted on Friday Feb 06, 2015 at 06:43PM in Technology
SSL certificates are cheap these days; there are even free ones available. You can obtain a personal one for around $10 per year.
What you need
- Payment method (PayPal account, a credit card…; the usable methods vary depending on the seller)
- An administrative mail address in the domain the certificate will be issued to (e.g. postmaster@example.org)
The common procedure is as follows:
Create a random seed
openssl md5 /var/log/*.log* > rand.dat
Create a private key
openssl genrsa -rand rand.dat -des3 2048 > key.pem
Create CSR from private key
openssl req -new -key key.pem -out csr.pem
I entered the following:
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []:www.nailedtothex.org
Email Address []:postmaster@MYDOMAIN.example.org

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Send the CSR to the certification authority (SSL certificate seller)
The seller will send you the certificate. Now you need to apply the certificate to your servers (HTTP, SMTP, IMAP… etc).
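Before csr.pem goes to the seller, it is worth confirming that it carries the name and key size you intended and that its self-signature verifies. The script below is an added example, not from the original post: it reads those values back out of a CSR with openssl req and reports every mismatch. The function names, the www.example.org subject and the unencrypted demo key (no -des3, so it runs without a passphrase prompt) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: review a CSR before sending it to the certification authority.

# Subject in RFC 2253 form, e.g. "CN=www.example.org,C=JP".
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject= *//'
}

# True when the CSR's self-signature verifies.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Public key size in bits as printed by `openssl req -text`.
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p'
}

# usage: review_csr csr.pem expected-common-name minimum-bits
# Prints each problem found; returns 0 only when there is none.
review_csr() {
    problems=0
    csr_signature_ok "$1" || { echo "self-signature does not verify"; problems=1; }
    case ",$(csr_subject "$1")," in
        *",CN=$2,"*) ;;
        *) echo "Common Name is not $2"; problems=1 ;;
    esac
    bits=$(csr_key_bits "$1")
    [ "${bits:-0}" -ge "$3" ] || { echo "key is ${bits:-0} bits, need $3"; problems=1; }
    return "$problems"
}

# Constructed, unencrypted throwaway key and CSR in directory $1.
make_demo_csr() {
    openssl genrsa -out "$1/key.pem" 2048 2>/dev/null &&
    openssl req -new -key "$1/key.pem" -out "$1/csr.pem" \
        -subj "/C=JP/CN=www.example.org" 2>/dev/null
}

demo_dir=$(mktemp -d) && make_demo_csr "$demo_dir" &&
    review_csr "$demo_dir/csr.pem" www.example.org 2048 && echo "CSR looks right"
rm -rf "$demo_dir"
```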
Tags: ssl
Configuring helo names of James
Posted on Friday Feb 06, 2015 at 04:47PM in Technology
My James instance seems to have failed to determine its hostname, as follows:
$ telnet localhost 10025
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost.localdomain JAMES SMTP Server Server (JAMES SMTP Server ) ready
helo example.com
250 localhost.localdomain Hello example.com [127.0.0.1])
This can be solved by editing the XML files smtpserver.xml, pop3server.xml and imapserver.xml respectively, as follows:
<helloName autodetect="false">www.nailedtothex.org</helloName>
You should also check the name that James uses when communicating with another SMTP server. You can check it easily with this site. If the name is wrong, this may cause the remote server to consider your James server a spammer. The name used will be the hostname of the server; you can check it by simply issuing the hostname command on Linux.
Unfortunately you can't set the hostname in a portable way due to a bug in the dependency geronimo-javamail_1.4_mail. The hostname should be configurable in mailetcontainer.xml as follows, but this does not work at present.
<!-- Set the HELO/EHLO name to use when connecting to remote SMTP-Server -->
<mail.smtp.localhost>www.nailedtothex.org</mail.smtp.localhost>
So the current geronimo-javamail_1.4_mail ignores that value. Possible solutions are the following:
- Change the hostname of the server (for <= Java 7u51)
- Put your FQDN first (before localhost) in /etc/hosts (for recent Java)
- Apply a patch to Geronimo JavaMail and update the dependency of James. Unfortunately it seems that a fixed version of Geronimo JavaMail is not released yet.
Tags: james
Disabling SpamAssassin on James
Posted on Friday Feb 06, 2015 at 03:00PM in Technology
I'm using revision number 1657019 in the SVN trunk of James3. I see an error in james-server.log every time an email is received, as follows:
INFO 14:41:51,912 | james.mailetcontext | Error communicating with spamd on localhost:783 Exception: java.net.ConnectException: Connection refused
It seems that James is trying to connect to a local SpamAssassin instance, but I have no SpamAssassin instance on my server yet, so I simply deleted the following definition from mailetcontainer.xml.
<mailet notmatch="SenderHostIsLocal" class="SpamAssassin">
    <spamdHost>localhost</spamdHost>
    <spamdPort>783</spamdPort>
</mailet>
Now the exception has disappeared.
Tags: james
Defining aliases on James
Posted on Friday Feb 06, 2015 at 02:47PM in Technology
I'm using James3 in SVN trunk revision number 1657019.
Adding a user to recipient rewrite table
This forwards the address postmaster@example.com to kyle@example.com:
./james-cli.sh -p 9999 -h localhost addaddressmapping postmaster example.com kyle@example.com
Defining postmaster address
James replaces the particular address postmaster with PostmasterAlias according to the XML definition in some environments, so we need to set the correct email address for it in $JAMES_HOME/mailetcontainer.xml as follows:
<mailetcontainer enableJmx="true">
    <!-- MailAddress used for PostMaster -->
    <context>
        <postmaster>kyle@example.com</postmaster>
    </context>
    ...
Tags: james