Dual certificate
Jean-Baptiste Vignaud
flint42 at gmail.com
Wed Mar 2 08:02:48 UTC 2016
Hello all;
Does anyone know if it's possible to have a dual certificate setup on
dovecot like in postfix or apache?
I tried to add several certs in the local name section:
local_name imap.server.tdl {
ssl_cert = <server_rsa_crt.pem
ssl_key = <server_rsa_key.pem
ssl_cert = <server_ecdsa_crt.pem
ssl_key = <server_ecdsa_key.pem
}
But it seems that dovecot takes the last one (ecdsa) and that the rsa cert is
not used.
To check if both are working, I check with openssl:
openssl s_client -connect imap.server.tdl:143 -starttls imap -servername imap.server.tdl -cipher ECDHE-RSA-AES128-GCM-SHA256
for rsa
and
openssl s_client -connect imap.server.tdl:143 -starttls imap -servername imap.server.tdl -cipher ECDHE-ECDSA-AES128-GCM-SHA256
for ecdsa
In apache we have to duplicate the cert / key lines, one for rsa, one for
ecdsa.
In postfix, we have some specific ecdsa conf keys.
So is there a way to do the same in dovecot?
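
The manual check described in this post, as an added example that is not part of the original message: a Python script that runs both STARTTLS probes with the two cipher strings above and reports which certificate types the server actually presents. It caps the handshake at TLS 1.2, because TLS 1.3 suite names do not encode the certificate type; the function names are this example's own, and certificate verification is switched off on the assumption that only the certificate type is being diagnosed.

```python
import socket
import ssl

# Cipher strings taken from the post; each one admits only one certificate type.
PROBES = {
    "rsa": "ECDHE-RSA-AES128-GCM-SHA256",
    "ecdsa": "ECDHE-ECDSA-AES128-GCM-SHA256",
}

def auth_type(cipher_name):
    """Return 'rsa' or 'ecdsa' for a TLS 1.2 suite name, else None."""
    parts = cipher_name.upper().split("-")
    kind = parts[1] if len(parts) > 1 else ""
    return kind.lower() if kind in ("RSA", "ECDSA") else None

def probe(host, cipher, port=143, timeout=10):
    """Do IMAP STARTTLS offering only `cipher`; return the suite name or None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # diagnostic only (assumption): we want
    ctx.verify_mode = ssl.CERT_NONE      # the cert type, not a trust decision
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.3 ignores this cipher list
    ctx.set_ciphers(cipher)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        reader = raw.makefile("rb")
        reader.readline()                # server greeting
        raw.sendall(b"a1 STARTTLS\r\n")
        if not reader.readline().upper().startswith(b"A1 OK"):
            raise RuntimeError("server refused STARTTLS")
        try:
            # server_hostname sends SNI, so the local_name block is selected.
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
        except ssl.SSLError:
            return None                  # no certificate usable with this suite

def served_types(results):
    """Map {label: negotiated suite or None} to the set of cert types seen."""
    return {auth_type(name) for name in results.values() if name} - {None}

if __name__ == "__main__":
    host = "imap.server.tdl"             # host name used in the post
    results = {label: probe(host, c) for label, c in PROBES.items()}
    for label, name in results.items():
        print(f"{label}: {name or 'handshake failed'}")
    print("certificate types served:", sorted(served_types(results)))
```

A result of only `ecdsa` matches the behaviour reported in the post, where the second `ssl_cert` / `ssl_key` pair replaces the first.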