Generating an SSL certificate for Courier IMAP

On Debian, a trial SSL certificate is generated when the courier-imap-ssl package is installed. However, this certificate is only valid for a limited time, and you might want to access your server over SSL for a longer period without buying a real certificate.

You can do this by running the following command, which invokes the same procedure that was run at installation time (but first rename the old /etc/courier/imapd.pem certificate to something else):
mkimapdcert

This will generate a new certificate based on the settings found in the /etc/courier/imapd.cnf OpenSSL-configuration file.

You can also generate a custom certificate that is valid for a period of your choice by issuing the following commands:
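cd /etc/courier
# files created from here on are readable by the owner only
umask 077
mv imapd.pem imapd_expired.pem
# self-signed certificate with a 2048-bit RSA key, valid 1825 days, no passphrase
openssl req -x509 -newkey rsa:2048 -keyout server.key -out server.crt -days 1825 -nodes
cat server.key server.crt > imapd.pem
# append Diffie-Hellman parameters (dhparam replaces the removed gendh command)
openssl dhparam 2048 >> imapd.pem
chmod 0600 imapd.pem
rm server.key server.crt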

This will generate a certificate that is valid for 1825 days (~5 years) and has no passphrase. There's no need to restart Courier; it will use the new certificate on the next client connection.
If you omit the "-nodes" option when running openssl, it will ask you for the passphrase at the time of certificate generation ... and every time you start the Courier IMAP server.
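
To check the result of the commands above, the following script (an added example, not part of the original page or of Courier) verifies that imapd.pem has owner-only permissions, contains the three parts the commands put into it, and that the key matches a certificate that is not about to expire. The function names are hypothetical; it assumes GNU stat (as on Debian) and the openssl command-line tool.

```shell
#!/bin/sh
# Added example: sanity checks for a combined Courier PEM file (imapd.pem).

# count_blocks FILE NAME_REGEX -> number of "-----BEGIN <name>-----" lines
count_blocks() {
    grep -Ec "^-----BEGIN $2-----\$" "$1" || true   # grep -c exits 1 on zero matches
}

# pem_layout_ok FILE: permissions and PEM block layout, no openssl needed.
# Returns 0 when the file looks right, otherwise prints the reason and returns 1.
pem_layout_ok() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f"; return 1; }
    mode=$(stat -c '%a' "$f")            # GNU stat syntax (assumption: Debian)
    case $mode in
        600|400) ;;
        *) echo "mode $mode, expected 600"; return 1 ;;
    esac
    # An encrypted key ("ENCRYPTED PRIVATE KEY") deliberately does not match:
    # it is what you get when -nodes is omitted.
    keys=$(count_blocks "$f" '(RSA |EC )?PRIVATE KEY')
    certs=$(count_blocks "$f" 'CERTIFICATE')
    dh=$(count_blocks "$f" 'DH PARAMETERS')
    [ "$keys" -eq 1 ]  || { echo "expected 1 unencrypted private key, found $keys"; return 1; }
    [ "$certs" -ge 1 ] || { echo "no certificate block found"; return 1; }
    [ "$dh" -eq 1 ]    || { echo "expected 1 DH PARAMETERS block, found $dh"; return 1; }
}

# pem_crypto_ok FILE [DAYS]: the first certificate must stay valid for at
# least DAYS more days (default 30) and must belong to the private key.
pem_crypto_ok() {
    f=$1
    days=${2:-30}
    openssl x509 -in "$f" -noout -checkend $((days * 86400)) >/dev/null ||
        { echo "certificate expires within $days days"; return 1; }
    key_pub=$(openssl pkey -in "$f" -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] ||
        { echo "private key does not match certificate"; return 1; }
}
```

After sourcing the file, run: pem_layout_ok /etc/courier/imapd.pem && pem_crypto_ok /etc/courier/imapd.pem 30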