1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

SSL Certificate for client's mail

Discussion in 'Plesk 11.x for Linux' started by basilGr, Sep 21, 2012.

  1. basilGr

    basilGr New Pleskian

    12
    60%
    Joined:
    Mar 5, 2012
    Messages:
    3
    Likes Received:
    0
    Hello,
    One of my clients is not able to access his email via imap-ssl from his mail client because of the self signed certificate.
    When he accesses the mail server (on plesk), a bypass self-signed certificate window is popping up. I think his client is Windows Live Mail.

    Anyway i decided to purchase a comodo ssl to fix this. The problem is i really have no idea how to do so. i've purchased the ssl but have not yet requested generation.

    If i create a csr for a mail.domain.ltd, and i use plesk to install it i think it will only be available for apache and it will require a dedicated IP address (or not via SNI). But for the courier-imap i would have to edit the TLS_CERTFILE entry on /etc/courier-imap/imapd-ssl and pop3d-ssl .

    And my question is, would this be at all possible? Assigning a CERTFILE will assign it to the whole mailing system, not just for one client. Even if i could, which is very difficult, to get another ip address on plesk just for this cause, how could i setup courier to serve the certificate only for one client?

    Thank you in advance.
     
  2. basilGr

    basilGr New Pleskian

    12
    60%
    Joined:
    Mar 5, 2012
    Messages:
    3
    Likes Received:
    0
    i managed to get another ip address dedicated for that client.
    As i've read i have to create a pem file (based on the configured certificate). This i've done before for apache.
    But after that, it seems i have to create a certificate on /usr/share/courier-imap
    with the name imapd.pem.xxx.xxx.xxx.xxx (the ip address)
    But on some other sited the requested file has to be imapd-xxx.xxx.xxx.xxx.pem

    is there somewhere i can configure that?
     
  3. Alexey.Plotnitsky

    Alexey.Plotnitsky Regular Pleskian

    16
    55%
    Joined:
    Jan 19, 2012
    Messages:
    218
    Likes Received:
    3
  4. basilGr

    basilGr New Pleskian

    12
    60%
    Joined:
    Mar 5, 2012
    Messages:
    3
    Likes Received:
    0
    hello Alexey and thank you for your response.

    Unfortunately as i described i only need to define a certificate for one client/domain not the default certificate for the server's services.

    The solution i described above ( /usr/share/courier-imap/imapd.pem.xxx.xxx.xxx.xxx) works for checking email (imap).

    But the same solution doesn't seem to work for postfix (/etc/postfix/postfix_default.pem.xxx.xxx.xxx.xxx)

    Any ideas?
     
Loading...