This page shows the source for this entry, with WebCore formatting language tags and attributes highlighted.

Title

Using an OpenSSL certificate for Courier IMAP

Description

Courier IMAP has a default certificate for SSL communication, but it's only valid for a year and has bogus, default information in it. You can use a utility to generate a new certificate and, with a little perseverance, find the configuration file from which it draws its parameters. With these parameters, you can make a slightly better certificate, but it's better to use OpenSSL to generate a proper certificate, based either on a trusted certificate or self-signed.

However, OpenSSL's default output does not include the combined private key/certificate file expected by Courier. To do that, I adapted the instructions found in <a href="http://www.digicert.com/ssl-certificate-installation-courier-imap.htm">Courier IMAP SSL Certificate Installation</a> to create the combined PEM file and reference it from the Courier configuration file. In my case, I just re-used the certificates I'd already generated for TLS SMTP access with Postfix, which I'd stored at <c>/etc/postfix/keys/</c>. All instructions are for a Debian Etch installation.

Open a text editor and paste the contents of the primary certificate and the private key one after another in the following order:

<ol>
The Primary Certificate (server.crt)
The Private Key (server.key)
</ol>

Include the <c>BEGIN</c> and <c>END</c> tags on each. The result should look like this:

<code>
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: server.crt)
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: server.key)
-----END RSA PRIVATE KEY-----
</code>

Save the combined file as <c>server.pem</c>. Finally, open the <c>/etc/courier/imapd-ssl</c> file and update the following value to reference the new PEM file.

<code>
TLS_CERTFILE=/etc/postfix/keys/server.pem
</code>

Restart the Courier server by executing <c>/etc/init.d/courier-imap-ssl restart</c> and you're done.
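The same certificate-then-key concatenation can be scripted instead of pasted by hand. The following is an added example, not part of the original entry or of Courier: it refuses to build the file unless the key actually belongs to the certificate, and writes the result readable by its owner only, since the combined file contains the private key. Assumptions: `build_courier_pem` is a hypothetical helper name, the `openssl` command-line tool is installed, the key is not passphrase-protected, and mode 600 suits the account that reads `TLS_CERTFILE`.

```shell
#!/bin/sh
# Added example: build the combined PEM referenced by TLS_CERTFILE.
# build_courier_pem is a hypothetical helper, not a Courier or OpenSSL tool.
# Usage with the paths from this entry:
#   build_courier_pem /etc/postfix/keys/server.crt \
#       /etc/postfix/keys/server.key /etc/postfix/keys/server.pem

build_courier_pem() {
    cert=$1 key=$2 out=$3

    [ -r "$cert" ] && [ -r "$key" ] ||
        { echo "cannot read certificate or key" >&2; return 1; }

    # Each input must carry its own BEGIN/END tags.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "$cert: no certificate block" >&2; return 1; }
    grep -q -e 'PRIVATE KEY-----' "$key" ||
        { echo "$key: no private key block" >&2; return 1; }

    # The public key inside the certificate must equal the public key
    # derived from the private key; otherwise the TLS handshake will fail.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "$cert: not a parsable certificate" >&2; return 1; }
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "$key: unreadable or passphrase-protected" >&2; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and private key do not match" >&2; return 1; }

    # Write under a restrictive umask so the key is never world-readable,
    # certificate first, then key. The echo guards against a certificate
    # file that lacks a trailing newline (blank lines between blocks are fine).
    tmp="$out.tmp.$$"
    ( umask 077 && { cat "$cert"; echo; cat "$key"; } > "$tmp" ) ||
        { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv -f "$tmp" "$out"
}
```
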