Hyland Community
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

IMAPS Konfiguration

uwe_wolfinger
Champ in-the-making
Champ in-the-making

‎03-10-2016 07:05 AM

I am trying to configure IMAPS and therefore changed the settings in alfresco-global.properties:
imap.server.enabled=true
imap.server.host=myhost
imap.server.port=8143
imap.server.imaps.enabled=true
imap.server.imaps.port=8993
javax.net.ssl.keyStore=/path/to/keystore/keystore.jks
javax.net.ssl.keyStorePassword=password

Alfresco starts up fine and gives the following entries in the log:

2016-03-10 11:50:13,191  INFO  [repo.imap.AlfrescoImapServer] [localhost-startStop-1] IMAP service started on hostSmiley Tongueort lvgintew01t.sozvers.at:8143
2016-03-10 11:50:13,195  INFO  [repo.imap.AlfrescoImapServer] [localhost-startStop-1] IMAPS service started on hostSmiley Tongueort lvgintew01t.sozvers.at:8993

IMAP on Port 8143 works fine, unfortunately i have to use IMAPS.

With IMAPS i am unable to get a connection, so far i tracked it down to a certificate issues. When i try to open a connection with openssl it gives the following infos:

openssl s_client -connect myhost:8993
CONNECTED(00000003)
139931021690696:error:14077410Smiley FrustratedSL routinesSmiley FrustratedSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:744:
—
no peer certificate available
—
No client certificate CA names sent
—
SSL handshake has read 7 bytes and written 249 bytes
—
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
—

As far as i unterstand this means, that the server does not present a certificate, so no ssl connection can be established.

Has anyone suceeded in setting up the IMAPS protocol or can give me some information on how to achieve this? Could this be based on a wrong configured keystore?

Thanks,
Uwe
Labels:
0 Kudos
3 REPLIES 3

afaust
Legendary Innovator
Legendary Innovator

‎03-11-2016 04:07 AM

Hello,

for whatever reason (shortsighted-ness), the IMAPS server functionality uses Java system properties instead of configured properties from alfresco-global.properties (or the subsystem properties files) to configure the keystore for the certificate. This is mentioned in comments within the default imap-server.properties file.
You need to set javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword via -D start parameters to provide the server certificate.

Regards
Axel
0 Kudos

uwe_wolfinger
Champ in-the-making
Champ in-the-making
In response to afaust

‎03-11-2016 04:31 AM

Thank you very much for your reply.

I also tried it now with setting the keystore as a java system property, unfortunately the result is the same.

For the keystore: what i did here is importing the ssl certificate of the server into the keystore. Is this the proper way, or does alfresco need a certain certificate in order to work?

Kind Regards,
Uwe

0 Kudos

uwe_wolfinger
Champ in-the-making
Champ in-the-making

‎03-14-2016 01:19 AM

Meanwhile i was able to find the problem - after creating a new keystore with a new key i am now able to connect over IMAPS.

0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC
Top