Email FreeBSD Uncategorized

SSL Certificate Installation for Courier IMAP and POP

This guide will provide you information on how to setup and configure SSL certificates for the courier IMAP mail server.

 

Prior to the installation you will need to purchase an SSL certificate from your domain registrar. In this example, the SSL was purchased from DomainPal. You will need the following from:
  • Private Key File (Generated on the server for the CSR creation)
  • Certificate File (Provided by Domain Pal)
  • Intermediate Certificate (Provided by Domain Pal)

 

This installation is done on a FreeBSD server and the directory path may differ on your server.

Follow the steps below to configure both IMAP and POP SSL certificates on your server:

 

IMAP SSL Installation
  • Locate your current imapd-ssl configuration file:
    • cd /usr/local/etc/courier-imap
  • Edit your imapd-ssl configuration file and specify the path of your new ssl (Use your favorite text editor, in my case I have used vi):
    • TLS_CERTFILE=/usr/local/share/courier-imap/[domain].pem

  • Create your pem file:
    • touch /usr/local/share/courier-imap/[domain].pem
  • Add the proper files to your .pem flle in the order provided below:
    • —–BEGIN RSA PRIVATE KEY—–
    • This is the private key that has used to generate the CSR for your SSL certificate
    • —–END RSA PRIVATE KEY—–
    • —–BEGIN CERTIFICATE—–
    • This is the certificate provided to you by your registrar
    • —–END CERTIFICATE—–
    • —–BEGIN CERTIFICATE—–
    • This is the intermediate certificate provided to you by your registrar
    • —–END CERTIFICATE—–
  • Restart imapd-ssl service
    • /usr/local/etc/rc.d/courier-imap-imapd-ssl restart
POP3 SSL Installation
    • Locate your current pop3d-ssl configuration file:
      • cd /usr/local/etc/courier-imap
    • Edit your pop3d-ssl configuration file and specify the path of your new ssl (Use your favorite text editor, in my case I have used vi):
      • TLS_CERTFILE=/usr/local/share/courier-imap/[domain].pem

    • Create your pem file:
      • touch /usr/local/share/courier-imap/[domain].pem
    • Add the proper files to your .pem flle in the order provided below:
      • —–BEGIN RSA PRIVATE KEY—–
      • This is the private key that has used to generate the CSR for your SSL certificate
      • —–END RSA PRIVATE KEY—–
      • —–BEGIN CERTIFICATE—–
      • This is the certificate provided to you by your registrar
      • —–END CERTIFICATE—–
      • —–BEGIN CERTIFICATE—–
      • This is the intermediate certificate provided to you by your registrar
      • —–END CERTIFICATE—–
  • Restart imapd-ssl service
    • /usr/local/etc/rc.d/courier-imap-pop3d-ssl restart
Test Installation

Once the installation has been completed you can use the following to test:

  • Test IMAP over SSL
    • openssl s_client -showcerts -connect [domain]:993

    • example: openssl s_client -showcerts -connect example.com:993
  • Test POP3 over SSL
    • openssl s_client -showcerts -connect [domain]:995

    • example: openssl s_client -showcerts -connect example.com:995

 

 

 

Related Articles