Dual certificate

Jean-Baptiste Vignaud flint42 at gmail.com
Thu Mar 3 08:08:42 UTC 2016


On Wed, Mar 2, 2016 at 3:44 PM, Timo Sirainen <tss at iki.fi> wrote:

>
>
> Would it work if you had a single .pem file containing both certs and a
> single file containing both keys?
>

OK, just tried this configuration but only the first certificate is
working.

I used this order: RSA cert, ECDSA cert, intermediate
and this one: RSA cert, intermediate, ECDSA cert, intermediate

In this case, both RSA and EC are signed by the same intermediate.


> > In Apache we have to duplicate the cert / key lines, one for RSA, one for
> > ECDSA.
> >
> > In Postfix, we have some specific ECDSA conf keys.
> >
> > So is there a way to do the same in Dovecot?
>
> Looks like from OpenSSL code point of view the same cert/key loading
> functions can simply be called multiple times. There's currently no way to
> trigger that in Dovecot. But maybe the single .pem file would happen to
> work as well? If not, this would need some config changes and I'm not sure
> what would be the nicest way..
>

Perhaps the same way as Postfix, to have ssl_ecdsa_cert and
ssl_ecdsa_key parameters?
Anyway, this is not an urgent matter; it's just that now that Let's Encrypt
gives free RSA and EC certificates, I wanted to use them both :)

