• What is SSL?
• Why SSL?
• PKI Overview
• SSL Certificate Features
• Ordering a Certificate
• What is a CSR?
• SSL Certificate Installation
  • 4D Webstar 4.x
  • Apache
  • BEA Weblogic
  • Citrix Secure Gateway
  • Cisco Secure ACS
  • cPanel/WHM
  • Courier IMAP
  • Ensim Pro
  • H-Sphere
  • IBM HTTP Server
  • Lotus Domino
  • Microsoft Exchange 2007
  • Microsoft IIS 5 and 6
  • Microsoft IIS 7
  • NetScreen
  • F5 Big-IP
  • Plesk
  • Tomcat
• SSL Certificate Errors
• SSL Details
• Special Types
• Copying a Certificate

Most Popular

• More Discussion About How Firefox 3 Handles SSL Certificates
• The Most Common Java Keytool Keystore Commands
• SSL Certificates in Google Chrome
• How to Create a Self Signed Certificate in IIS 7
• How to Create A Self Signed Certificate

Courier IMAP SSL Installation Instructions

Create The PEM File

Once you have downloaded your certificates from your certificate authority, open the primary certificate and the private key that you created earlier in a text editor. Copy and paste the text in the  Primary Certificate and then from the Private Key. Save the file with a .pem extension (i.e myCertificate.pem) The file should look like this when finished:

-----BEGIN CERTIFICATE-----
(Primary SSL certificate)
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key)
-----END RSA PRIVATE KEY-----

If your certificate requires an intermediate certificate, open it in a text editor and save it as a new file named intermediate.txt.

Import and Install the Certificate

Courier IMAP

1. Locate and open the imapd-ssl file (usually found in /usr/lib/courier-imap/etc/). Add the following directives pointing to the files you created above:

   TLS_CERTFILE=/some/path/myCertificate.pem
TLS_TRUSTCERTS=/some/path/intermediate.txt

2. Verify that the line below is allowing SSL3

TLS_PROTOCOL=SSL3

POP3

1. Locate and open pop3d-ssl file (usually found in /usr/lib/courier-imap/etc/). Add the following directives pointing to the files you created above:

TLS_CERTFILE=/some/path/myCertificate.pem
TLS_TRUSTCERTS=/some/path/intermediate.txt

Restart the Courier IMAP server.

Note: These are the basic instructions for installing an SSL certificate in Courier IMAP. There are many configuration options that can cause problems if you aren't aware of them. Mozilla's lead SSL developer, Nelson Bolyard, mentioned the two most common SSL problems with Courier IMAP that he deals with:

a) The server requests the email client to authenticate itself to the server with a client certificate, but the server does not recognize ANY client certificates as valid for this purpose, so clients that have certs and attempt to use them fail to authenticate to the server.  The server should not request client authentication unless it really is set up to properly use them.

b) The server does not enable its SSL session cache.  Consequently, the server goes through the whole slow and CPU-intensive handshake with certificates on every connection (for every IMAP folder). For servers that request client certificate authentication, this means the client is asked to reauthenticate itself for every folder.  The solution to this is to enable the server's SSL session cache.

Useful Courier IMAP SSL Links

• Courier imap SSL Certificates
• Living with Linux - Making a Courier IMAP SSL sertificate

Courier IMAP SSL Installation Instructions Comments

Write a comment

Name:
Email: (not published)
Subject:
Comment:

Security Code:
 

Post Comment