Creating an SSL certificate for Postfix/Courier IMAP on Ubuntu

If your SSL certificate has expired and you have chosen to go with PositiveSSL(Comodo), this post may help you out.

1. Generate your Certificate Signing Request (CSR)

openssl req -new -nodes -newkey rsa:2048 -keyout -out

2. Get your Certificate by signing the CSR file to Comodo and you will receive the Certificate by email.

3. Copy the certificate text in the email and create a new file on the server and append your certificate key generated in step 1. THe resulting file should look like this. Save it as


Make sure there is a blank line at the end of your PEM file.

4. Create your bundle file using the following commands

cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > bundle.crt

5. On Ubuntu machines, open /etc/courier/imapd-ssl and change the following configurations


If your customers do not use Microsoft Office 2007 and earlier, add the following line


6. Restart Courier IMAP

service courier-imap restart
service courier-imap-ssl restart

7. For Postfix, copy the certificate received in the Comodo email and save it as file

8. Edit /etc/postfix/ and change the following

smtpd_tls_cert_file = /path/to/your/
smtpd_tls_key_file = /path/to/your/
smtp_tls_CAfile = /path/to/your/bundle.crt

9. Restart Postfix

service postfix restart

10. For Pop3d, edit the file /etc/courier/pop3d-ssl and change the following


11. Restart Pop3d services

service courier-pop restart
service courier-pop-ssl restart

12.Testing IMAP SSL and POP3 SSL

openssl s_client -connect
openssl s_client -connect

Both should successfully complete the SSL handshake if everything works.

One thought on “Creating an SSL certificate for Postfix/Courier IMAP on Ubuntu

Leave a Reply

Your email address will not be published. Required fields are marked *