Secure Email Certificate Support

Courier IMAP

When your issuance email arrives you will have three certificates in the email - your webserver certificate the GTE root certificate and a Comodo intermediate certificate. (you will only require your server certificate and the Comodo intermediate certificate)

Copy the Comodo intermediate certificate (Comodo Class 3 Security Services CA) into a text editor such as notepad and save as ca_new.txt (bundle file).

1. Copy your server certificate from the body of the email into a new file. Copy the contents of your private key file (yourdomain.key) into the same file. yourdomain.key - which will have been generated by your server when the original CSR was created. The final file should look like:

-----BEGIN CERTIFICATE-----
..................
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
..................
-----END RSA PRIVATE KEY-----

Ensure that there are NO blank lines between the key and certificate.

2. Save the certificate plus private key file as yourdomain_cert_key, and save to a suitable location. Save the ca_new.txt (bundle file) to the same directory.

3. To secure your IMAP:

Locate and open imapd-ssl file (typically found in /usr/lib/courier-imap/etc/). Add the following directives and file locations:

TLS_CERTFILE=/some/path/yourdomain_and_key

TLS_TRUSTCERTS=/some/path/ca_new.txt (bundle file)

Please also insure that the below line is present and is correct

TLS_PROTOCOL=SSL3

4. To secure your POP3:

Locate and open pop3d-ssl file (typically found in /usr/lib/courier-imap/etc/). Add the following directives and file locations:

TLS_CERTFILE=/some/path/yourdomain_and_key

TLS_TRUSTCERTS=/some/path/ca_new.txt (bundle file)

5. Ownership and permissions on the certificate files are important:

# ls -alF /some/path/
drwxr-xr-x 2 root root 4096 Jun 7 19:29 ./
drwxr-xr-x 24 root root 4096 Jun 7 18:21 ../
-r-------- 1 root root 1230 Jun 7 18:24 ca_new.txt (bundle file)
-r--r----- 1 root root 2030 Jun 7 19:29 yourdomain_cert_key