On Sun, Aug 29, 2010 at 3:07 PM, Peer Heinlein
<p.heinlein+dovecot@heinlein-support.de> wrote:
>
> I don't understand how to use multiple keys/certs on different IPs
> without SNI.
>
> http://wiki2.dovecot.org/SSL/DovecotConfiguration explains how to use
> different keys for different protocols like POP3 and IMAP.
>
> But how to bind those keys/ on IPs/Ports?
>
> Looks like it is not possible to use ssl_cert inside
>
> service { inet_listener {} }
>
>
> Is it still necessary to run multiple instances like it was in Dovecot
> 1.2.x?

After the initial ssl stuff (ssl=yes, etc), you just need a number of 'local' stanzas, each looking like:
local <ip address> { ssl_cert =
one after another. I haven't tried doing it with different ports though; I just use iptables to DNAT ports to different private IPs.
And IIRC you still need a top-level "default" ssl_key and ssl_cert as well, or it'll complain.
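
The layout described in the reply above, written out as an added example that is not part of the original message: a top-level default pair followed by one `local` stanza per address. The addresses (documentation range) and file paths are constructed placeholders.

```conf
# Constructed example: IP addresses and file paths are placeholders.
ssl = yes

# Top-level default pair; the reply notes Dovecot complains without it.
# The leading "<" makes Dovecot read the value from the named file.
ssl_cert = </etc/dovecot/ssl/default.example.org.crt
ssl_key = </etc/dovecot/ssl/default.example.org.key

# One stanza per local IP address, one after another.
local 192.0.2.10 {
  ssl_cert = </etc/dovecot/ssl/mail1.example.org.crt
  ssl_key = </etc/dovecot/ssl/mail1.example.org.key
}

local 192.0.2.20 {
  ssl_cert = </etc/dovecot/ssl/mail2.example.org.crt
  ssl_key = </etc/dovecot/ssl/mail2.example.org.key
}
```

Running `doveconf -n` after editing prints the effective non-default settings, which shows whether each `local` block was parsed as intended.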