IMAP over SSL requires a valid, signed, X.509 certificate. The default location for the certificate file is /usr/local/share/courier-imap/imapd.pem. mkimapdcert generates a self-signed X.509 certificate, mainly for testing. For production use the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate.
/usr/local/share/courier-imap/imapd.pem must be owned by the root user and have no group or world permissions. The mkimapdcert command will enforce this. To prevent an unfortunate accident, mkimapdcert will not work if /usr/local/share/courier-imap/imapd.pem already exists.
mkimapdcert requires OpenSSL to be installed.
/usr/local/etc/courier-imap/imapd.cnfParameters used by OpenSSL to create the X.509 certificate.
1. courier(8) [set $man.base.url.for.relative.links]/courier.html
|Courier Mail Server||MKIMAPDCERT (8)||06/27/2015|