Enabled IMAP SSL on ISPConfig 2.x

Mindwatering Incorporated

Author: Tripp W Black

Created: 12/16/2013 at 02:36 PM

 

Category:
Linux
Configuration

Issue:
IMAP SSL is not enabled. Connections time out.

Solution:
The ports are already enabled in the server's Postfix configuration settings.
The firewall port just needs to be opened.

1. Log into the web site.
2. Choose Management tab --> Server (+ / - twistie) --> Services option --> Firewall tab (on right).
3. Click Add button.
4. Complete the following:
Name: IMAP-SSL
Active: Yes (keep default)
Type: TCP (keep default)
Port: 993
5. Click Save.

Try again.

By default ISPConfig uses self-certified certs. If you have replaced the management certificate with a commercially purchased one, you can also use it for your IMAP SSL:
1. Save a copy of the existing IMAP certs.
# mv /etc/postfix/ssl/smtpd.crt /etc/postfix/ssl/smtpd_old.crt
# mv /etc/postfix/ssl/smtpd.key /etc/postfix/ssl/smtpd_old.key

2. To update SMTP, copy the key and certificate from the httpd/conf/ssl.key and ssl.crt folders to the Postfix location.
# cd /root/ispconfig/httpd/conf/ssl.key/
# cp server.key /etc/postfix/ssl/smtpd.key
# cd /root/ispconfig/httpd/conf/ssl.crt/
# cp server.crt /etc/postfix/ssl/smtpd.crt
# chmod 644 /etc/postfix/ssl/smtpd.crt
(update the line above as appropriate for your distro)
# chmod 640 /etc/postfix/ssl/smtpd.key

3. To update IMAP, copy the server cert and key files to the /etc/courier/ folder. Then merge the certificate and key into a single PEM file. Finally, copy the bundle certs and convert them to PEM.
# cp /root/ispconfig/httpd/conf/ssl.crt/server.crt /etc/courier/
# cp /root/ispconfig/httpd/conf/ssl.key/server.key /etc/courier/
# cd /etc/courier/
# cat server.crt >> server.key
# mv server.key server.pem
# rm server.crt

Now fix the header and footer of the private key: remove the RSA part so that they read -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----.
# vi server.pem
# chmod 640 server.pem

Now copy the bundle to the /etc/ssl/certs folder and use openssl to convert the file.
# cd /root/ispconfig/httpd/conf/ssl.key/
# cp mybundlecerts.crt /etc/ssl/certs/
(The copy above might already be done if you did it as part of the httpd update.)
# cd /etc/ssl/certs/
# openssl x509 -in mybundlecerts.crt -out mybundlecerts.pem -outform PEM
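
A sanity check for the merged /etc/courier/server.pem from step 3, added here as an example and not part of the original note: it catches a key footer fused to the certificate header by the `cat >>` merge, missing or unbalanced PEM blocks, and a world-readable key file. The helper name check_combined_pem is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original note): sanity-check a combined
# key + certificate PEM such as the /etc/courier/server.pem built in step 3.
# check_combined_pem is a hypothetical helper name.
# Returns 0 if the file looks sane, 1 on a content or permission problem,
# 2 if the file cannot be read.
check_combined_pem() {
    pem=$1
    [ -f "$pem" ] && [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # "cat server.crt >> server.key" fuses the key footer and the certificate
    # header onto one line when the key file has no trailing newline.
    if grep -q -E -- '-----(BEGIN|END) [A-Z ]+-----.+' "$pem"; then
        echo "$pem: text follows a PEM delimiter on the same line" >&2
        return 1
    fi

    # Count block delimiters; any "... PRIVATE KEY" label is accepted.
    kb=$(grep -c -E '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----$' "$pem" || true)
    ke=$(grep -c -E '^-----END ([A-Z]+ )?PRIVATE KEY-----$' "$pem" || true)
    cb=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$pem" || true)
    ce=$(grep -c '^-----END CERTIFICATE-----$' "$pem" || true)

    [ "$kb" -eq 1 ] && [ "$ke" -eq 1 ] || {
        echo "$pem: expected exactly one private key block" >&2; return 1; }
    [ "$cb" -ge 1 ] && [ "$cb" -eq "$ce" ] || {
        echo "$pem: missing or unbalanced certificate block" >&2; return 1; }

    # The file holds the private key, so "other" must not have read access.
    # Character 8 of the ls mode string is the other-read bit.
    case $(ls -ldL "$pem" | cut -c8) in
        r) echo "$pem: world-readable, tighten with chmod 640" >&2; return 1 ;;
    esac
    return 0
}

# Stand-alone use: sh check_pem.sh /etc/courier/server.pem
if [ "$#" -gt 0 ]; then
    check_combined_pem "$1"
fi
```

This checks structure and permissions only; it does not parse the key or confirm that it matches the certificate.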


ISP Config 3.x Notes:
The paths have changed to those below:
Alternate ispconfig path: /usr/local/ispconfig
Alternate SSL/TLS path: /usr/local/ispconfig/interface/ssl/

PureFTPD SSL/TLS path:
/etc/ssl/private/ (pem and key)
/etc/ssl/certs/ (bundle)



