Issue SSL-certificate integration for mailserver (qmail)

[marc5]

Hello dear cracks and helpful people,

I have some frustrating problems with Plesk 11.0 + Ubuntu 12.04 LTS.
Searching for a way to secure the mail-server (qmail) with a valid (bought yesterday) SSL-certificate: rapid ssl wildcard
I choosed a wildcard certificate because of the website and the e-mail security (domain and subdomains).

The support of my hoster got the some problem with their experience in such things... and provided this to me: SSL-Zertifikat unter Plesk 12.5 verwalten: So geht's | STRATO
There is nothing about the intermediate certificate mentioned ; (

Can anybody help..?

Many thanks in advance - marc

PS: We can speak german if someone does

 

[sebgonzes]

ca.crt field is the field for intermediate certificate....

 

[marc5]

Thanks a lot sebgonzes : )

Know it works for the website... but not for the e-mails (outlook shows allready the default certificate of parallels panel) : (
Nothing is easy...

 

[sebgonzes]

Well, I am not sure that qmail (and more if it's an version from 10 years ago in plesk 11) is ready for this

 

[marc5]

Hm... thanks again..!
I need to verify that.

Best - marc

 

[marc5]

I found something interesting about SSL-certificates and pop3 / smtp

-
Translation with google translator:
"
Every year: The SSL certificate expires. No problem per se, you can copy or create a new one via the Plesk interface.
However, Plesk also “forgets” to update the certificates for the SMTP server (qmail) and the IMAP and POP3 server (courier-imap). The certificates generated by Plesk can be found in the directory "/ usr / local / psa / var / certificates". Plesk generates all certificates with a random string. The files are then called e.g. cert-AY3mSK. It is best to look for the file date to find out the last one generated.

cp /usr/local/psa/var/certificates/cert-AY3mSK /var/qmail/control/servercert.pem
cp /usr/local/psa/var/certificates/cert-AY3mSK /usr/share/courier-imap/pop3d.pem
cp /usr/local/psa/var/certificates/cert-AY3mSK /usr/share/courier-imap/imapd.pem
service qmail restart
service courier-imap restart

Note: If you have a "real" certificate, you have to attach the certificates of the certification authority to the certificate file for qmail. Plesk stores these in another file with a random string (but of the same date):

cat /usr/local/psa/var/certificates/cert-AY3mSK > /var/qmail/control/servercert.pem
cat /usr/local/psa/var/certificates/cert-832vfh >> /var/qmail/control/servercert.pem
cp /var/qmail/control/servercert.pem /usr/share/courier-imap/pop3d.pem
cp /var/qmail/control/servercert.pem /usr/share/courier-imap/imapd.pem
service qmail restart
service courier-imap restart

Pay attention to single ">" and double ">>" redirection signs!
Before copying, make a backup copy of the relevant files!

Note 2: As Thomas notes in the comments, the rights of the certificate files must match: So with the QMail certificate user qmaild and rights 600, with the courier please look at the other files!
"
See: Plesk: SSL-Zertifikat für qmail & courier IMAP – /var/bergercity/
-
Maybe there is no possibility in the graphic user interface with the Plesk-OS for e-mail-security (Plesk 11.0 + Ubuntu 12.04 LTS)... but it seems there is a possibility with putty.

What do you think..?

Best - marc