Hello I'am wondering what is the better way to use ISP config SSL certificates for IMAPS and POPS with courier / POSTFIX. For the moment I have done : cat /root/ispconfig/httpd/conf/ssl.key/server.key /root/ispconfig/httpd/conf/ssl.crt/server.crt >pop3d.pem openssl gendh >>pop3d.pem cat /root/ispconfig/httpd/conf/ssl.key/server.key /root/ispconfig/httpd/conf/ssl.crt/server.crt >imapd.pem openssl gendh >>imapd.pem is there a better way ?
Normally you create own certificates for courier and postfix. Please have a look at the perfect setup guides, the creation of the SSL certificates is described there in the mail setup part.
Yes they are created during the installation without doing nothing. BUT they are first created with localhost instead of the host name of the server. Further more even if i create again the certificat with the good hostname i have to give to accept 2 different cert file to my client in order their browsers stop complainning. This is such a pain to explain that the cert files are self signed to make them accept the first one , if you tr to make them accept a second one for the same server it 's impossible. Besides it is common to use one certificat for one IP adress and with a cert file for each deamon running on the machine it is not the case. So i would like to configure courier-imap-ssl, courier-pop-ssl, smtps and every service that are running on the server with only one certificate the one created for Ispconfig webserver that runs on port 81. Thanks JP
The courier SSL certs has not to be accepted by the browser, they are only presented to the email client. If you run a commercial ISP, you shall consider to use a officially signed SSL cert.