
Adding SSL Encryption to your Plesk Mail Server


Log in to your Plesk Control Panel and choose Server > Certificates.

Click on the certificate you wish to use for your mail server. Scroll down until you see the sections Private Key and Certificate. Copy the contents of each section into a new file on your server and name the file with the .pem extension, e.g. server.domain.com.pem. Save this file to the /usr/share/courier-imap directory. Because the file contains your private key, it must not be world-readable. Your file should look similar to this:

-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

Before editing system configuration files on your server, make backup copies of them. Enter the following two commands, one at a time:

cp /etc/courier-imap/pop3d-ssl /etc/courier-imap/pop3d-ssl.backup
cp /etc/courier-imap/imapd-ssl /etc/courier-imap/imapd-ssl.backup

Next you will need to edit the same line in each of these two files. The line begins with TLS_CERTFILE=. You can jump straight to that line with the following command, run once for each file:

vi +/TLS_CERTFILE= /etc/courier-imap/pop3d-ssl
vi +/TLS_CERTFILE= /etc/courier-imap/imapd-ssl

The default TLS_CERTFILE value points to a file in /usr/share/courier-imap/. You want it to point to your .pem file instead. Change the line to the path of the file you saved earlier in that directory. Both files should then look like this snippet:

# treated as confidential, and must not be world-readable.
#
TLS_CERTFILE=/usr/share/courier-imap/server.domain.com.pem

#

##NAME: TLS_TRUSTCERTS:0
#
# TLS_TRUSTCERTS=pathname - load trusted certificates from pathname.
# pathname can be a file or a directory. If a file, the file should

We also need to have qmail use this cert.  Make a backup of the default servercert.pem file and use your cert instead with the following two commands:

mv /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.backup
cp /usr/share/courier-imap/server.domain.com.pem /var/qmail/control/servercert.pem

Restart the mail services on your server:

/etc/init.d/courier-imap restart && /etc/init.d/qmail restart

You should see the following successful output:

Stopping Courier-IMAP server:
Stopping imap                                           [  OK  ]
Stopping imap-ssl                                       [  OK  ]
Stopping pop3                                           [  OK  ]
Stopping pop3-ssl                                       [  OK  ]

Starting Courier-IMAP server:
Starting imapd                                          [  OK  ]
Starting imap-ssl                                       [  OK  ]
Starting pop3                                           [  OK  ]
Starting pop3-ssl                                       [  OK  ]

Stopping : Starting qmail:                                 [  OK  ]

Now you and your site users should be able to use your SSL certificate to securely send email using various mail programs.
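To confirm the result of the steps above, here is an added example (not part of the original article) that checks the combined .pem file, the two Courier configuration files and the qmail copy. The function names are hypothetical, the paths are the ones used in this article, and it assumes the openssl command is installed.

```shell
#!/bin/sh
# Added example: checks for the combined key + certificate PEM file.
# Function names are hypothetical; paths are the ones used in the article.

# pem_layout_ok FILE: FILE holds a private key block and a certificate block
# and is not world-readable (it contains the private key).
pem_layout_ok() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 1; }
    grep -Eq -e '^-----BEGIN (RSA )?PRIVATE KEY-----' "$1" ||
        { echo "no private key block: $1" >&2; return 1; }
    grep -q -e '^-----BEGIN CERTIFICATE-----' "$1" ||
        { echo "no certificate block: $1" >&2; return 1; }
    [ -z "$(find "$1" -perm -004)" ] ||
        { echo "world-readable (chmod o-rwx): $1" >&2; return 1; }
}

# key_matches_cert FILE: the public key derived from the private key equals
# the public key in the first certificate of FILE. An empty passphrase is
# supplied so an encrypted key fails instead of prompting.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# conf_points_to CONF FILE: CONF has an uncommented TLS_CERTFILE line that
# names exactly FILE.
conf_points_to() {
    grep -Fxq -e "TLS_CERTFILE=$2" "$1"
}

# verify_mail_cert FILE: run every check against the article's paths.
verify_mail_cert() {
    pem_layout_ok "$1" || return 1
    key_matches_cert "$1" || { echo "key does not match certificate" >&2; return 1; }
    for conf in /etc/courier-imap/pop3d-ssl /etc/courier-imap/imapd-ssl; do
        conf_points_to "$conf" "$1" ||
            { echo "$conf: TLS_CERTFILE is not $1" >&2; return 1; }
    done
    cmp -s "$1" /var/qmail/control/servercert.pem ||
        { echo "qmail servercert.pem differs from $1" >&2; return 1; }
}
```

Source the file and run `verify_mail_cert /usr/share/courier-imap/server.domain.com.pem` before restarting the mail services; a non-zero return with a message on stderr names the step to revisit.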

From: https://support.amhosting.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=84&ratingconfirm=1
