In Debian a trial SSL certificate is generated at the time of installation of the courier-imap-ssl package. However this certificate is only valid for a limited time and you might want to access your server over SSL for a longer period ... without buying a
real certificate.
You can do this by issuing the following command to invoke the same procedure that was run at the time of installation (but first rename the old
/etc/courier/imapd.pem
certificate to something else):
mkimapdcert
This will generate a new certificate based on the settings found in the
/etc/courier/imapd.cnf
OpenSSL-configuration file.
You can also generate a custom certificate that is valid for a period of your choice by issuing the following commands:
cd /etc/courier
mv imapd.pem imapd_expired.pem
openssl req -x509 -newkey rsa:1024 -keyout server.key -out server.crt -days 1825 -nodes
cat server.key server.crt > imapd.pem
openssl gendh >> imapd.pem
chmod 0600 imapd.pem
rm server.key server.crt
This will generate a certificate valid for 1825 days (~5 years) and without a passphrase. There's no need to restart courier, it'll use the new certificate upon connection with the next client.
If you omit the "-nodes" option during execution of openssl, then it will ask you for the passphrase at the time of certificate-generation ... and every time you start the Courier IMAP server.
Recent comments
1 year 45 weeks ago
3 years 14 weeks ago
3 years 14 weeks ago
3 years 16 weeks ago
3 years 17 weeks ago
3 years 24 weeks ago
3 years 24 weeks ago
3 years 24 weeks ago
3 years 24 weeks ago
3 years 25 weeks ago