I’ve been looking at methods for secure IMAP connectivity using courier-imap. I need a certificate along with a full set of parent root certificates. I’ve already got all of these along with the private key in a java keystore that I use for authenticating Tomcat/Catalina hosts. So instead of creating the pem file I needed from scratch I looked around for methods of exporting what I already had.
After some trial and error I came across
It provides a Java based GUI that I pointed at my keystore file, provided the password and up it all came. I was able to export the private key as a .pem with all of the tiers of authority in single text file. Perfect.
To get the pem working using courier-imap I created a sym link to imapd.pem.
If you want to test an imap certificate try:
# openssl s_client -connect hostname:993
(Port 993 is the standard IMAP over SSL port)