How can I change default certificates for SMTP, IMAP and POP3 over SSL?

Article ID: 1062 
Last Review: Oct,6 2008
Author: Bezborodova Anastasiya APPLIES TO:
  • Plesk for Linux/Unix

Resolution

Certificate for SMTP over SSL is located in /var/qmail/control/servercert.pem file.

For IMAP4 and POP3 over SSL the following certificate files are used accordingly:

/usr/share/courier-imap/imapd.pem
/usr/share/courier-imap/pop3d.pem

By default these are self-signed certificates for 'plesk' name which are generated during SWsoft Plesk installation. If you need to setup your own certificates, you should copy your certificate and private key into the appropriate files and restart qmail and/or courier-imap services.

Important thing, the clients should specify the domain the certificate is issued for in order to avoid warning that certificate name does not match to the host you are connecting to. For example, if the certificate was issued for the 'example.com' domain, then you should specify 'example.com' as connection string in your mail client preferences for SMTP/POP3/IMAP servers.

NOTE: there is a single certificate for each of these services: SMTP, IMAP4 and POP3 over SSL and several various certificates cannot be used for various Plesk domains.

Additional information

/var/qmail/control/servercert.pem should include:

1. The private key
2. The primary certificate
3. The intermediate certificate
4. The root certificate

Make sure that you include the begin and end tags of the key and each certificate including the dash lines. The resulting text should look like this: 

-----BEGIN RSA PRIVATE KEY-----
..........
(Your Private Key here)
..........
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
..........
(Your Primary SSL certificate here)
..........
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
..........
(Your Intermediate certificate here)
..........
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
..........
(Your Root certificate here)
..........
-----END CERTIFICATE-----

Body of SSL certificate in /usr/share/courier-imap/imapd.pem and /usr/share/courier-imap/pop3d.pem should look like this:

-----BEGIN CERTIFICATE-----
MIIB8TCCAZsCBEUpHKkwDQYJKoZIhvcNAQEEBQAwgYExCzAJBgNVBAYTAlJPMQww
............
............
eNpAIeF34UctLcHkZJGIK6b9Gktm
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDv6i/mxtS2B2PjShArtOAmdRoEcCWa/LH1GcrbW14zdbmIqrxb
..........
..........
faXRHcG37TkvglUZ3wgy6eKuyrDi5gkwV8WAuaoNct5j5w==
-----END RSA PRIVATE KEY-----
Keywords: SSL certificate; SMTP; IMAP; POP3


Subscription for this article changesSubscription for this article changes

Please provide feedback on this article

Did this article help you solve your issue?
Yes
No
Partially
I do not know yet
 
Strongly Agree   Strongly Disagree
  9 8 7 6 5 4 3 2 1
The article is easy to understand
The article is accurate
Additional Comments:
*Please provide us with your email address in case we need to contact you.
* - required fields