how to use ISPconfig SSL certificates with courier

Discussion in 'Installation/Configuration' started by unnilennium, Apr 7, 2007.

  1. unnilennium

    unnilennium New Member


    I'am wondering what is the better way to use ISP config SSL certificates for IMAPS and POPS with courier / POSTFIX.

    For the moment I have done :

    cat /root/ispconfig/httpd/conf/ssl.key/server.key /root/ispconfig/httpd/conf/ssl.crt/server.crt >pop3d.pem
    openssl gendh >>pop3d.pem
    cat /root/ispconfig/httpd/conf/ssl.key/server.key /root/ispconfig/httpd/conf/ssl.crt/server.crt >imapd.pem
    openssl gendh >>imapd.pem

    is there a better way ?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Normally you create own certificates for courier and postfix. Please have a look at the perfect setup guides, the creation of the SSL certificates is described there in the mail setup part.
  3. unnilennium

    unnilennium New Member

    Yes they are created during the installation without doing nothing.

    BUT they are first created with localhost instead of the host name of the server. Further more even if i create again the certificat with the good hostname i have to give to accept 2 different cert file to my client in order their browsers stop complainning.

    This is such a pain to explain that the cert files are self signed to make them accept the first one , if you tr to make them accept a second one for the same server it 's impossible.

    Besides it is common to use one certificat for one IP adress and with a cert file for each deamon running on the machine it is not the case.

    So i would like to configure courier-imap-ssl, courier-pop-ssl, smtps and every service that are running on the server with only one certificate the one created for Ispconfig webserver that runs on port 81.


  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The courier SSL certs has not to be accepted by the browser, they are only presented to the email client. If you run a commercial ISP, you shall consider to use a officially signed SSL cert.

Share This Page