2023/07/04

Qmail SSL Certificate Updates

One of my email servers still uses Qmail.
Here are some notes on updating the SSL certificate with Qmail.

I purchased the certificates from Network Solutions.

First, you should have your private key file.
a) your_mailserver_com.key

The downloaded zipped file contained three files.
b) YOUR.MAILSERVER.COM.crt (server cert)
c) DV_NetworkSolutionsDVServerCA2.crt (intermediate or chain cert)
d) DV_USERTrustRSACertificationAuthority.crt (root cert?)

You concatenate all four files above into one file and change its suffix to "pem".
$ cat your_mailserver_com.key YOUR.MAILSERVER.COM.crt DV_NetworkSolutionsDVServerCA2.crt DV_USERTrustRSACertificationAuthority.crt > temp.pem

The pem file should look like below.

-----BEGIN RSA PRIVATE KEY-----
(private key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(server cert)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(intermediate cert)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(root cert)
-----END CERTIFICATE-----

Then, replace the old pem file with the new one.
The location of the Qmail certificate file is /var/qmail/control/.
muko@mail:~$ ls -l /var/qmail/control/servercert.pem
-rw-r----- 1 vpopmail vchkpw 8274 Apr 14 14:10 /var/qmail/control/servercert.pem

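Make sure the owner and permissions of the new file match those of the old one shown above. The file contains the private key, so it should not be world-readable.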

Finally, restart the Qmail service.
$ qmailctl restart
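
Before replacing servercert.pem and restarting, the combined file can be checked for the layout shown above and for a key that actually matches the server certificate. This is an added example, not part of the original notes; the function names are hypothetical, and key_matches_cert assumes the openssl command is installed.

```shell
#!/bin/sh
# Added example: sanity checks for a combined qmail PEM (key + cert + chain).

# Build the combined file under a restrictive umask so the private key is
# never world-readable, even as temp.pem. Usage: build_pem OUT KEY CERT [CHAIN...]
build_pem() (
    umask 077
    out=$1; shift
    cat "$@" > "$out"
)

# Print the PEM block labels in file order (e.g. "RSA PRIVATE KEY",
# "CERTIFICATE"). Exit status 2 if BEGIN/END markers are unbalanced.
pem_labels() {
    awk '
        { sub(/\r$/, "") }                     # tolerate CRLF line endings
        /^-----BEGIN .*-----$/ {
            if (open != "") { bad = 1; exit }  # BEGIN inside an open block
            open = substr($0, 12, length($0) - 16)
            print open
            next
        }
        /^-----END .*-----$/ {
            if (substr($0, 10, length($0) - 14) != open) { bad = 1; exit }
            open = ""
        }
        END { exit (bad || open != "") ? 2 : 0 }
    ' "$1"
}

# Succeed only if the file holds exactly one private key, as the first block,
# followed by one or more certificates and nothing else.
check_layout() {
    labels=$(pem_labels "$1") || { echo "unbalanced PEM markers" >&2; return 1; }
    [ "$(printf '%s\n' "$labels" | grep -c 'PRIVATE KEY$')" -eq 1 ] || return 1
    printf '%s\n' "$labels" | sed -n 1p | grep -q 'PRIVATE KEY$' || return 1
    printf '%s\n' "$labels" | sed 1d | grep -qvx 'CERTIFICATE' && return 1
    [ "$(printf '%s\n' "$labels" | grep -cx 'CERTIFICATE')" -ge 1 ]
}

# Succeed only if the private key belongs to the first (server) certificate:
# openssl reads the first key and the first certificate in the combined file.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}
```

A typical run is build_pem temp.pem with the four files in the order above, then check_layout temp.pem && key_matches_cert temp.pem before copying the file into /var/qmail/control/.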

By the way, according to some web pages, man qmail-smtpd suggests that servercert.pem "Should contain both the certificate and the private key. Certifying Authority (CA) and intermediate certificates can be added at the end of the file."

In my case, the qmail-showctl command says "servercert.pem: I have no idea what this file does."

Also, the file /var/qmail/supervise/qmail-smtpd/run did not specify the cert files.

However, the file /usr/local/src/netqmail-1.06/Makefile-cert looks like it creates servercert.pem, so I think my Qmail uses servercert.pem (and clientcert.pem is a symbolic link to servercert.pem).


