Creating a pem key

I’ve been looking at methods for secure IMAP connectivity using courier-imap. I need a certificate along with a full set of parent root certificates. I’ve already got all of these along with the private key in a java keystore that I use for authenticating Tomcat/Catalina hosts. So instead of creating the pem file I needed from scratch I looked around for methods of exporting what I already had.

After some trial and error I came across

It provides a Java based GUI that I pointed at my keystore file, provided the password and up it all came. I was able to export the private key as a .pem with all of the tiers of authority in single text file. Perfect.

To get the pem working using courier-imap I created a sym link to imapd.pem. in the courier-imap shared directory. Restarted the courier-imap service and away we go.

If you want to test an imap certificate try:
# openssl s_client -connect hostname:993

(Port 993 is the standard IMAP over SSL port)


Leave a Reply