On Wed, Mar 2, 2016 at 3:44 PM, Timo Sirainen <tss@iki.fi> wrote:
Would it work if you had a single .pem file containing both certs and a single file containing both keys?
OK, I just tried this configuration, but only the first certificate is working.
I used this order: RSA cert, ECDSA cert, intermediate; and this one: RSA cert, intermediate, ECDSA cert, intermediate.
In this case, both RSA and EC are signed by the same intermediate.
In Apache we have to duplicate the cert / key lines, one for RSA, one for ECDSA.
In Postfix, we have some specific ECDSA conf keys.
So is there a way to do the same in Dovecot?
Looks like from OpenSSL code point of view the same cert/key loading functions can simply be called multiple times. There's currently no way to trigger that in Dovecot. But maybe the single .pem file would happen to work as well? If not, this would need some config changes and I'm not sure what would be the nicest way..
Perhaps the same way as Postfix, to have ssl_ecdsa_cert and ssl_ecdsa_key parameters? Anyway, this is not an urgent matter, it's just that now that Let's Encrypt gives free RSA and EC certificates I wanted to use them both :)