DigiCert KnowledgeBase - Technical Support-hero

Knowledge Base

Courier IMAP Server | SSL Certificate Installation

Solution ID : courier-imp-ssl-certificate-installation
Last Modified : 04/25/2025

Installing your SSL Certificates in Courier IMAP Mail Server

If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see
SSL Certificates CSR Creation | Courier IMAP.


Installing your Courier IMAP SSL Digital Certificate

  1. Collect your Certificate files

    Log in to your DigiCert Customer Account and collect your primary and intermediate certificate files. Also, locate your private key (your_domain_name.key) that was generated with your CSR.

  2. Create a combined .pem certificate file

    Open a text editor and paste the contents of the primary certificate and the private key one after another in the following order:

    1. The Primary Certificate (your_domain_name.crt)
    2. The Private Key (your_domain_name.key)


    Include the 'BEGIN' and 'END' tags on each. The result should look like this:

    -----BEGIN CERTIFICATE-----
    (Your Primary SSL certificate: your_domain_name.crt)
    -----END CERTIFICATE-----
    -----BEGIN RSA PRIVATE KEY-----
    (Your Private Key: your_domain_name.key)
    -----END RSA PRIVATE KEY-----


    Save the combined file as digicertpack.pem

  3. Save the DigiCert Intermediate certificate:

    Copy the DigiCert intermediate certificate (DigiCertCA.crt) into a text editor and save it as a new file named digicertca.txt.

  4. Securing your Courier IMAP

    Locate and open the imapd-ssl file (typically found in /usr/lib/courier-imap/etc/). Add the following directives and file locations:

    • TLS_CERTFILE=/some/path/digicertpack.pem
    • TLS_TRUSTCERTS=/some/path/digicertca.txt

    Please verify that the line below is allowing SSL3

    • TLS_PROTOCOL=SSL3

  5. Securing your POP3:

    Locate and open the pop3d-ssl file (typically found in /usr/lib/courier-imap/etc/). Add the following directives and file locations:

    • TLS_CERTFILE=/some/path/digicertpack.pem
    • TLS_TRUSTCERTS=/some/path/digicertca.txt

  6. File permissions:

    Make sure that the file permissions are set so that digicertpack.pem is readable by root only.

  7. Restart the Courier IMAP server.

  • DigiCert Logo

    The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.