The Courier mail server is a mail transfer agent (MTA) server that provides ESMTP, IMAP, POP3, webmail, and mailing list services with individual components. But, it is best known for its IMAP / IMAPs and POP3 / POP3s (secure version) server component.
Courier can provides support for both regular UNIX operating system account (stored in /etc/passwd) and virtual mail account managed by third party backends such as OpenLDAP, MySQL and so on.
In this quick tutorial, you will learn about installing Courier IMAP SSL digital certificate.
Out setup is as follows:
- SMTP Server: smtp.theos.in
- Courier IMAP / POP3 Server: smtp.theos.in
Generating a CSR and private key for Courier IMAP SSL Server
Type the command to create a SSL CSR for a mail server called smtp.theos.in:
# mkdir -p /usr/local/ssl
# cd /usr/local/ssl
# openssl req -new -nodes -keyout smtp.theos.in.key -out smtp.theos.in.csr
Most important is Common Name, in our example it is set to smtp.theos.in. For the common name, you should enter the full Courier IMAP server address of your site.
Submit CSR to CA
Next logical step is copy and paste the contents of the CSR file into the SSL certificate providers (aka CA) account and get final certificate.
Install your SSL certificate
Unzip file and upload certificates to /usr/local/ssl directory. You also need to upload your CA's intermediate certificate. Now, you should have 4 file as follows:
Now create /usr/local/ssl/smtp.theos.in.pem a combined .pem certificate file:
# cat /usr/local/ssl/smtp.theos.in.crt /usr/local/ssl/smtp.theos.in.key > /usr/local/ssl/smtp.theos.in.pem
Configure Courier IMAP SSL Certificate
Open your courier IMAP configuration file such as /usr/local/etc/courier-imap/imapd-ssl and make set directives as follows:
Save and close the file. Make sure that the file permissions are set correct and only root can read all files located in /usr/local/ssl directory. Restart Courier IMAP server:
# /usr/local/etc/rc.d/courier-imap-imapd-ssl restart
Test your installation
Use openssl utility to test configuration:
$ openssl s_client -connect smtp.theos.in:993
You should not see any error or warning message regarding SSL certificate.
- 30 Cool Open Source Software I Discovered in 2013
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop