TLS configuration for Courier IMAP and POP3

Refers to:

  • Plesk for Linux

Created:

2016-11-16 13:05:25 UTC

Modified:

2017-02-15 11:49:31 UTC

0

Was this article helpful?


Have more questions?

Submit a request

TLS configuration for Courier IMAP and POP3

Symptoms

For some reason it fails to connect to the server over SSL/TLS. If no encryption is used, connection goes through fine. When checking with

openssl s_client -starttls imap -crlf -connect localhost:143

or

openssl s_client -connect localhost:993

get one of the following error message

CONNECTED(00000003)
depth=0 /OU=Domain Control Validated/OU=EssentialSSL Wildcard/CN=*.domain.tld
verify error:num=20:unable to get local issuer certificate

or

verify error:num=27:certificate not trusted

or

verify error:num=21:unable to verify the first certificate

Cause

Improper CA root certificate used or certificate chain is corrupted

Resolution

If 'GoDaddy G2' certificates are used, download 'GoDaddy Certificate Bundles - G2' from https://certs.godaddy.com/anonymous/repository.pki

If you are using certificates from another SSL certificate provider, then you should obtain an appropriate CA certificate bundle having intermediate root CA included.

  1. Modify ' /etc/courier-imap/imapd-ssl ' and set TLS_TRUSTCERTS=/path/to/the/certificate/bundle/file
  2. Modify ' /etc/courier-imap/pop3d-ssl ' and set TLS_TRUSTCERTS=/path/to/the/certificate/bundle/file
  3. Modify ' /etc/postfix/main.cf ' and set ' smtpd_tls_CAfile=/path/to/the/certificate/bundle/file '
Have more questions? Submit a request
Please sign in to leave a comment.