This HOWTO covers the configuration of Courier pop3d with SSL. This HOWTO assumes you have installed Courier's IMAP/POP3 installation.

Please note that paths may vary from distro to distro


# cp /usr/local/etc/pop3d-ssl.dist /usr/local/etc/pop3d-ssl
# cp /usr/local/etc/pop3d.dist /usr/local/etc/pop3d

Modify /usr/local/etc/pop3d-ssl so it includes the below lines.


POP3DSSLSTART=YES
TLS_CERTFILE=/usr/local/share/pop3d.pem

Create the pop3d-ssl cert by running the following command.


# /usr/local/sbin/mkpop3dcert

Create the pop3d-ssl start script and start pop3d-ssl, by running the below commands.


# cp /usr/local/libexec/pop3d-ssl.rc /usr/local/etc/rc.d/init.d/pop3s
# /usr/local/etc/rc.d/pop3s start

Add the last line above to /etc/rc.local to ensure pop3d-ssl starts at boot.

Installing your SSL Certificate into Outlook or Outlook Express

The PEM file holds your certificate and your private key. Split them into
two files using a text editor and copy commands:


# cp blah.pem usercert.pem
# cp blah.pem userkey.pem

In usercert.pem delete the section for the private key
(marked with the following:


---- BEGIN RSA PRIVATE KEY ---- and ---- END RSA PRIVATE KEY ----)

In userkey.pem delete everything but the private key

To convert the current .pem to a readable format so Outlook can import it, we use this method:

From .pem to .p12


# openssl pkcs12 -export -out cert.p12 -inkey ./userkey.pem -in ./usercert.pem


It will ask you to enter your PEM pass phrase twice. Enter both correctly and you will now have a .p12 file!