TNPI - can I use a signed SSL certificate

home : internet : mail : toaster : FAQ : can I use a signed SSL certificate

As of two minutes ago I now run with a signed certificates on my mail server. (previously I use self-signed certs). Check out any of the email services on www.theartfarm.com (https, pop3s, imaps, ssl-tls) and you'll find them to all be secured using a real valid SSL cert.

Installing the signed certificate consisted of:

cat /path/to/ssl/cert.key > /var/qmail/control/servercert.pem
cat /path/to/ssl/cert.crt >> /var/qmail/control/servercert.pem
cat /path/to/ssl/intermediary_cert.crt >> /var/qmail/control/servercert.pem
;
cp /var/qmail/control/servercert.pem /var/qmail/control/clientcert.pem
chown vpopmail:vchkpw /var/qmail/control/servercert.pem
chown qmaild /var/qmail/control/clientcert
chmod 400 /var/qmail/control/servercert.pem /var/qmail/control/clientcert
qmail restart
;
cp /var/qmail/control/servercert.pem /usr/local/share/courier-imap/imapd.pem
cp /var/qmail/control/servercert.pem /usr/local/share/courier-imap/pop3d.pem
imapssl stop
imapssl start
pop3ssl stop
pop3ssl start

That's all I had to do.... other than reconfigure my email client to connect on the hostname that my "real" cert uses, and it works like a charm.

Last modified on 6/3/05.