You can roll out and use your own certificate in your JAMES instance.
JAMES uses the very popular software Nginx as web server.
This step requires SSH or interactive console access to the system.
The configuration files are all located under /etc/nginx/.
Before you start, please save all relevant files for a possible rollback.
The SSL settings are included from a configuration fragment under /etc/nginx/snippets/metasec-james-ssl.conf.
# Self signed certificates generated by the ssl-cert package # Don't use them in a production server! ssl_certificate /etc/metasec/ssl/nginx.crt; ssl_certificate_key /etc/metasec/ssl/nginx.key;
The two parts of the certificate are located under "/etc/metasec/ssl/".
You basically have two options:
- Adjusting the file /etc/nginx/snippets/metasec-james-ssl.conf.
- Simple exchange of the two files /etc/metasec/ssl/nginx.crt and /etc/metasec/ssl/nginx.key
The format of the certificates should be PEM.
We recommend the use of so-called SAN certificates (Subject Alternative Names) to avoid error messages from Chrome and other current browsers.
After replacing the certificates or adjusting the /etc/nginx/snippets/metasec-james-ssl.conf file, the Nginx service must be reloaded.
This is done with the command: /etc/init.d/nginx reload.
You can also check the changes beforehand with "nginx -t". If there is an error in the configuration, it will be reported accordingly.