Certificate installation


Installing your Certificate with Courier IMAP

This document introduces generating and installing a Server Digital Certificate, and answers questions you might have.


Installing a Server Digital Certificate

Upload a New SSL Certificate

After you are emailed your certificate, two other certificates will be necessary to setup your SSL Server, IPS SERVIDORES ROOT CERTIFICATE and the intermediate CA IPSCA CLASEA1. It is essential that these certificates also be installed on your webserver in order to establish correct SSL connections with your customer's browsers. Should they be required, you may download these certificates individually or collectively as a bundled file below:

IPSServidores.crt

IPSCACLASEA1.crt

IPS-IPSCABUNDLE.CRT

Firstly when your issuance email arrives you will have two certificates in the email - your server certificate and a IPSCACLASEA1 chained certificate.

Copy the IPSCACLASEA1 chained certificate into a text editor such as notepad and save as IPSCACLASEA1.crt.

1. Copy your server certificate from the body of the email into a new file. Copy the contents of your private key file (yourdomain.key) into the same file. yourdomain.key - which will have been generated by your server when the original CSR was created. The final file should look like:

-----BEGIN CERTIFICATE-----
..................
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
..................
-----END RSA PRIVATE KEY-----

Ensure that there are NO blank lines between the key and certificate.

2. Save the certificate plus private key file as yourdomain_cert_key, and save to a suitable location. Save the chain.crt to the same directory.

3. To secure your IMAP:

  • Locate and open imapd-ssl file (typically found in /usr/lib/courier-imap/etc/). Add the following directives and file locations:

    TLS_CERTFILE=/some/path/openguild_cert_and_key
    TLS_TRUSTCERTS=/some/path/IPSCACLASEA1.crt

4. To secure your POP3:

  • Locate and open pop3d-ssl file (typically found in /usr/lib/courier-imap/etc/). Add the following directives and file locations:

    TLS_CERTFILE=/some/path/openguild_cert_and_key
    TLS_TRUSTCERTS=/some/path/IPSCACLASEA1.crt

5. Ownership and permissions on the certificate files are important:

# ls -alF /some/path/
drwxr-xr-x 2 root root 4096 May 23 09:22 ./
drwxr-xr-x 24 root root 4096 May 23 09:22 ../
-r-------- 1 root root 1230 May 23 09:22 IPSCACLASEA1.crt
-r--r----- 1 root root 2030 May 23 09:23 yourdomain_cert_key

  return to the top

© 1996 - 2007 ipsCA, IPS Certification Authority, S.L. all Rights reserved.
Our CPS summarized or complete, CRLs, Root Certificates and legal documents
  can be found in our repository
Read our  Privacy Policy and Terms of Use