Skip to content

Adding SSL Encryption to your Plesk Mail Server

Log into your Plesk Control Panel and choose Server > Certificates:

Click on the certificate you wish to use for your mail server.  Scroll down until you see the sections Private Key and Certificate.  Copy the contents of each section into a new file on your server and name the file with the .pem extension, e.g.  Save this file to the /usr/share/courier-imap directory.  Your file should look similar to this:





Before editing system configuration files on your server backup files should be made first.  Enter the following two commands, one at a time:

cp /etc/courier-imap/pop3d-ssl /etc/courier-imap/pop3d-ssl.backup
cp /etc/courier-imap/imapd-ssl /etc/courier-imap/imapd-ssl.backup

Next you will need to edit the same line on these two files separately.  The line begins with TLS_Certfile=.  You can easily jump straight to editing that line with the following command which you will use for both files:

vi +/TLS_CERTFILE= /etc/courier-imap/pop3d-ssl
vi +/TLS_CERTFILE= /etc/courier-imap/imapd-ssl

The default certfile being used points to a file in /usr/share/courier-imap/.  You want this to be your pem file instead.   Change that line to point to your file which you saved earlier in that directory.  Your two files should look like this snippet:

# treated as confidential, and must not be world-readable.


# TLS_TRUSTCERTS=pathname – load trusted certificates from pathname.
# pathname can be a file or a directory. If a file, the file should

We also need to have qmail use this cert.  Make a backup of the default servercert.pem file and use your cert instead with the following two commands:

mv /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.backup
cp /usr/share/courier-imap/ /var/qmail/control/servercert.pem

Restart the mail services on your server:

/etc/init.d/courier-imap restart && /etc/init.d/qmail restart

You should see the following successful output:

Stopping Courier-IMAP server:
Stopping imap                                           [  OK  ]
Stopping imap-ssl                                       [  OK  ]
Stopping pop3                                           [  OK  ]
Stopping pop3-ssl                                       [  OK  ]

Starting Courier-IMAP server:
Starting imapd                                          [  OK  ]
Starting imap-ssl                                       [  OK  ]
Starting pop3                                           [  OK  ]
Starting pop3-ssl                                       [  OK  ]

Stopping : Starting qmail:                                 [  OK  ]

Now you and your site users should be able to use your SSL certificate to securely send email using various mail programs.


Find this useful? Take just a moment and give a $1. Thanks!
Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)