Multiple certificate option
Michael Hallager
michael at nettrust.nz
Sat Sep 7 12:07:56 EEST 2019
On 2019-09-07 12:25, remo--- via dovecot wrote:
> What is the best way to adopt multiple certs?
>
> Thanks.
/etc/dovecot/conf.d/10-ssl.conf
Primary SSL certificate:
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
#ssl = yes
ssl = required
("yes" or "required" - I use required)
# Minimum SSL protocol version to use. Potentially recognized values are
SSLv3,
# TLSv1, TLSv1.1, and TLSv1.2, depending on the OpenSSL version used.
ssl_min_protocol = TLSv1
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened
before
# dropping root privileges, so keep the key file unreadable by anyone
but
# root. Included doc/mkcert.sh can be used to easily generate
self-signed
# certificate, just make sure to update the domains in
dovecot-openssl.cnf
ssl_cert = </etc/ssl/private/mail-domain-tld.crt
ssl_key = </etc/ssl/private/mail-domain-tld.key
Secondary SSL certificates (I add this at the bottom of the file)
local_name mail.domain2.tld {
ssl_cert = </etc/ssl/private/mail-domain2-tld.crt
ssl_key = </etc/ssl/private/mail-domain2-tld.key
}
More information about the dovecot
mailing list