On 02 Mar 2016, at 10:02, Jean-Baptiste Vignaud <flint42@gmail.com> wrote:
Hello all;
Does anyone know if it's possible to have a dual certificate setup on dovecot like in postfix or apache?
I tried to add several crts in local name section:
local_name imap.server.tdl {
  ssl_cert = <server_rsa_crt.pem
  ssl_key = <server_rsa_key.pem
  ssl_cert = <server_ecdsa_crt.pem
  ssl_key = <server_ecdsa_key.pem
}
but it seems that dovecot takes the last one (ecdsa) and that rsa cert is not used.
Would it work if you had a single .pem file containing both certs and a single file containing both keys?
In apache we have to duplicate the cert / key lines, one for rsa, one for ecdsa.
In postfix, we have some specific ecdsa conf keys.
So is there a way to do the same in dovecot?
Looks like from OpenSSL code point of view the same cert/key loading functions can simply be called multiple times. There's currently no way to trigger that in Dovecot. But maybe the single .pem file would happen to work as well? If not, this would need some config changes and I'm not sure what would be the nicest way..
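
The OpenSSL behaviour the reply refers to (calling the cert/key loading functions more than once on one context), as an added example that is not part of the original thread and is not Dovecot code. It assumes Python's ssl module (which wraps the same OpenSSL loaders) and the openssl command-line tool; the host name imap.example.test, the file names and the helper functions are made up for the illustration.

```python
import os
import ssl
import subprocess
import tempfile

def make_cert(d, name, keyargs):
    # Constructed self-signed test certificate; the CN is a placeholder.
    key = os.path.join(d, name + "_key.pem")
    crt = os.path.join(d, name + "_crt.pem")
    subprocess.run(["openssl", "req", "-x509", "-nodes", "-days", "1",
                    "-subj", "/CN=imap.example.test", "-newkey", *keyargs,
                    "-keyout", key, "-out", crt],
                   check=True, capture_output=True)
    return crt, key

def dual_cert_context(d):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Same loader called twice. OpenSSL keeps one certificate per key type,
    # so the ECDSA pair is added next to the RSA pair, not in place of it.
    ctx.load_cert_chain(*make_cert(d, "server_rsa", ["rsa:2048"]))
    ctx.load_cert_chain(*make_cert(
        d, "server_ecdsa", ["ec", "-pkeyopt", "ec_paramgen_curve:prime256v1"]))
    return ctx

def negotiated_cipher(server_ctx, client_ciphers):
    # In-memory TLS 1.2 handshake; the client only offers suites that
    # authenticate with one key type, which forces the server's choice.
    cctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    cctx.check_hostname = False
    cctx.verify_mode = ssl.CERT_NONE      # test certs are self-signed
    cctx.maximum_version = ssl.TLSVersion.TLSv1_2
    cctx.set_ciphers(client_ciphers)
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = cctx.wrap_bio(c_in, c_out)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    for _ in range(10):                   # pump records between both ends
        for side, out, peer_in in ((client, c_out, s_in), (server, s_out, c_in)):
            try:
                side.do_handshake()
            except ssl.SSLWantReadError:
                pass
            peer_in.write(out.read())
    return client.cipher()[0]

def demo():
    with tempfile.TemporaryDirectory() as d:
        ctx = dual_cert_context(d)
        return (negotiated_cipher(ctx, "ECDHE+aRSA"),
                negotiated_cipher(ctx, "ECDHE+aECDSA"))

if __name__ == "__main__":
    print(demo())
```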