This page shows the source for this entry, with WebCore formatting language tags and attributes highlighted.

Title

Using an OpenSSL certificate for Courier IMAP

Description

Courier IMAP has a default certificate for SSL communication, but it's only valid for a year and has bogus, default information in it. You can use a utility to generate a new certificate and, with a little perseverance, find the configuration file from which it draws its parameters. With these parameters, you can make a slightly better certificate, but it's better to use OpenSSL to generate a proper certificate, either based on a trusted certificate or self-signed.

However, OpenSSL's default output does not include the combined private key/certificate file expected by Courier. To do that, I adapted the instructions found in <a href="http://www.digicert.com/ssl-certificate-installation-courier-imap.htm">Courier IMAP SSL Certificate Installation</a> to create the combined PEM file and reference it from the Courier configuration file. In my case, I just re-used the certificates I'd already generated for TLS SMTP access with Postfix, which I'd stored at <c>/etc/postfix/keys/</c>. All instructions are for a Debian Etch installation.

Open a text editor and paste the contents of the primary certificate and the private key one after another in the following order:

<ol>
The Primary Certificate (server.crt)
The Private Key (server.key)
</ol>

Include the <c>BEGIN</c> and <c>END</c> tags on each. The result should look like this:

<code>
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: server.crt)
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: server.key)
-----END RSA PRIVATE KEY-----
</code>

Save the combined file as <c>server.pem</c>.

Finally, open the <c>/etc/courier/imapd-ssl</c> file and update the following value to reference the new PEM file:

<code>
TLS_CERTFILE=/etc/postfix/keys/server.pem
</code>

Restart the Courier server by executing <c>/etc/init.d/courier-imap-ssl restart</c> and you're done.
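The copy-and-paste step above can also be scripted. The following is an added example, not part of the original instructions: the function names <c>build_pem</c> and <c>check_pem_order</c> are hypothetical, and accepting an unencrypted PKCS#8 key (<c>BEGIN PRIVATE KEY</c>) alongside the RSA form shown above is an assumption that goes beyond the page. Because the combined file contains the private key, the script creates it readable by its owner only.

```shell
#!/bin/sh
# Added example: build the combined PEM that Courier expects (certificate
# first, then private key) and refuse to install a malformed result.

# check_pem_order FILE
# Succeeds only if FILE holds exactly one certificate block followed by one
# private key block, each with its BEGIN and END tag lines.
check_pem_order() {
    markers=$(grep -E '^-----(BEGIN|END) ' "$1" | tr -d '\r' | tr '\n' '|')
    case "$markers" in
        '-----BEGIN CERTIFICATE-----|-----END CERTIFICATE-----|-----BEGIN RSA PRIVATE KEY-----|-----END RSA PRIVATE KEY-----|') return 0 ;;
        # Assumption: also accept an unencrypted PKCS#8 key.
        '-----BEGIN CERTIFICATE-----|-----END CERTIFICATE-----|-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|') return 0 ;;
    esac
    return 1
}

# build_pem CERT KEY OUT
# Concatenates CERT and KEY into OUT with mode 600. The file is written to a
# temporary name first, so a failed check never leaves a broken OUT behind.
build_pem() {
    cert=$1 key=$2 out=$3
    [ -r "$cert" ] && [ -r "$key" ] || { echo "cannot read input files" >&2; return 1; }
    tmp="$out.tmp.$$"
    # umask 077 keeps the key material private from the moment it is written.
    # The echo guards against a certificate file without a trailing newline,
    # which would otherwise glue the END and BEGIN tag lines together.
    ( umask 077; { cat "$cert"; echo; cat "$key"; } > "$tmp" ) || return 1
    if ! check_pem_order "$tmp"; then
        echo "unexpected PEM layout, not installing $out" >&2
        rm -f "$tmp"
        return 1
    fi
    chmod 600 "$tmp" && mv "$tmp" "$out"
}

# Usage: sh build-pem.sh server.crt server.key server.pem
if [ "$#" -eq 3 ]; then
    build_pem "$1" "$2" "$3"
fi
```

The script checks layout only; it does not verify that the private key actually belongs to the certificate.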