Firstly when your issuance email arrives it will contain your web server certificate. Copy your web server certificate into a text editor such as notepad including the header and footer. You should then have a text file that looks like:
-----BEGIN CERTIFICATE-----
[encoded data]
-----END CERTIFICATE-----
Make sure you have 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added. Save the file as yourdomain.crt.
1. Copy your server certificate from the body of the email into a new file. Copy the contents of your private key file (yourdomain.key) into the same file. yourdomain.key - which will have been generated by your server when the original CSR was created. The final file should look like:
-----BEGIN CERTIFICATE-----
[encoded data]
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
[encoded data]
-----END RSA PRIVATE KEY-----Ensure that there are NO blank lines between the key and certificate.
2. Save the certificate plus private key file as yourdomain_cert_key, and save to a suitable location.
3. To secure your IMAP, locate and open imapd-ssl file (typically found in /usr/lib/courier-imap/etc/). Add the following directives and file locations:
TLS_CERTFILE=/some/path/openguild_cert_and_key
4. To secure your POP3, locate and open pop3d-ssl file (typically found in /usr/lib/courier-imap/etc/). Add the following directives and file locations:
TLS_CERTFILE=/some/path/openguild_cert_and_key
5. Ownership and permissions on the certificate files are important:
# ls -alF /some/path/
drwxr-xr-x 2 root root 4096 Jun 7 19:29 ./
drwxr-xr-x 24 root root 4096 Jun 7 18:21 ../
-r--r----- 1 root root 2030 Jun 7 19:29 yourdomain_cert_key