My SSL certificate for my mail server had been expired for a few weeks now. When I finally got a round to installing a new one, I discovered the script I used to use to generate them missing. Instead I had to call OpenSSL directly. Luckily, the line wasn’t too hard to find.

After filling in the requisite fields in the configuration file — The most important being the “CN” field, which should contain the FQDN of the mail server.

/etc/courier/imapd.cnf:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

RANDFILE = /usr/lib/courier/imapd.rand
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=AU
ST=QLD
L=Brisbane
O=Courier Mail Server
OU=Automatically-generated IMAP SSL key
CN=mail.example.com
emailAddress=postmaster@example.com
[ cert_type ]
nsCertType = server

Then generate the certificate itself with this incantation:

1
2
3

/usr/bin/openssl req -new -x509 -days 365 -nodes \
-config /etc/courier/imapd.cnf -out /usr/lib/courier/imapd.pem \
-keyout /usr/lib/courier/imapd.pem

Got rid of the annoying “This servers certificate is exipired” messages in my MUA anyway.