Hello all,
Does anyone know if it's possible to have a dual certificate setup on dovecot like in postfix or apache?
I tried to add several certs in the local_name section:
    local_name imap.server.tdl {
      ssl_cert = <server_rsa_crt.pem
      ssl_key = <server_rsa_key.pem
      ssl_cert = <server_ecdsa_crt.pem
      ssl_key = <server_ecdsa_key.pem
    }
but it seems that dovecot takes the last one (ecdsa) and that the rsa cert is not used.
To check if both are working, I check with openssl:
    openssl s_client -connect imap.server.tdl:143 -starttls imap -servername imap.server.tdl -cipher ECDHE-RSA-AES128-GCM-SHA256
for rsa, and
    openssl s_client -connect imap.server.tdl:143 -starttls imap -servername imap.server.tdl -cipher ECDHE-ECDSA-AES128-GCM-SHA256
for ecdsa.
In apache we have to duplicate the cert / key lines, one for rsa, one for ecdsa.
In postfix, we have some specific ecdsa conf keys.
So is there a way to do the same in dovecot?
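
The check described in the post, as an added example that is not part of the original message: it runs both cipher-restricted handshakes and reports the key type of the certificate the server actually presents. The function names (`cipher_for`, `classify`, `probe`) are made up for this sketch, and `-tls1_2` is an addition, since `-cipher` only restricts TLS 1.2 and below and would not force a key type under TLS 1.3.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage: sh probe.sh imap.server.tdl [port]   (port defaults to 143, as in the post)

# Map a key type to the TLS 1.2 cipher suite used in the post.
cipher_for() {
  case "$1" in
    rsa)   echo ECDHE-RSA-AES128-GCM-SHA256 ;;
    ecdsa) echo ECDHE-ECDSA-AES128-GCM-SHA256 ;;
    *)     return 1 ;;
  esac
}

# Read `openssl x509 -noout -text` output on stdin and print
# rsa, ecdsa, unknown, or none (no certificate was received).
classify() {
  awk '/Public Key Algorithm:/ {
         if ($0 ~ /rsaEncryption/) t = "rsa"
         else if ($0 ~ /id-ecPublicKey/) t = "ecdsa"
         else t = "unknown"
         print t; found = 1; exit
       }
       END { if (!found) print "none" }'
}

# probe HOST PORT rsa|ecdsa: succeed only if the presented leaf certificate
# has the requested key type.
probe() {
  c=$(cipher_for "$3") || return 2
  # Pin TLS 1.2 so the -cipher restriction really selects the certificate.
  got=$(openssl s_client -connect "$1:$2" -starttls imap -servername "$1" \
          -tls1_2 -cipher "$c" </dev/null 2>/dev/null |
        openssl x509 -noout -text 2>/dev/null | classify)
  echo "$3: server presented $got"
  [ "$got" = "$3" ]
}

# Only touch the network when a host is given on the command line.
if [ $# -ge 1 ]; then
  rc=0
  for t in rsa ecdsa; do
    probe "$1" "${2:-143}" "$t" || rc=1
  done
  exit $rc
fi
```

A result of `none` for one key type means the handshake with that cipher failed, which is what a server holding only the other certificate produces.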