Dual certificate

Jean-Baptiste Vignaud flint42 at gmail.com
Wed Mar 2 08:02:48 UTC 2016


Hello all;


Does anyone know if it's possible to have a dual certificate setup on
dovecot like in postfix or apache?

I tried to add several crts in the local name section:

local_name imap.server.tdl {
ssl_cert = <server_rsa_crt.pem
ssl_key = <server_rsa_key.pem
ssl_cert = <server_ecdsa_crt.pem
ssl_key = <server_ecdsa_key.pem
}

But it seems that dovecot takes the last one (ecdsa) and that the rsa cert is
not used.


To check if both are working, I check with openssl:

openssl s_client -connect imap.server.tdl:143 -starttls imap -servername imap.server.tdl -cipher ECDHE-RSA-AES128-GCM-SHA256

for rsa

and

openssl s_client -connect imap.server.tdl:143 -starttls imap -servername imap.server.tdl -cipher ECDHE-ECDSA-AES128-GCM-SHA256

for ecdsa

In apache we have to duplicate the cert / key lines, one for rsa, one for
ecdsa.

In postfix, we have some specific ecdsa conf keys.

So is there a way to do the same in dovecot ?
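
Added example, not part of the original post: a shell wrapper around the two s_client checks above that reports which key type the server actually presents for each cipher suite, so a silently ignored certificate shows up as a failed handshake. The function names are made up for illustration, and TLS 1.2 is pinned because -cipher does not restrict TLS 1.3 suites.

```shell
#!/bin/sh
# Added example, not from the original post; function names are illustrative.

# served_key_type TARGET SNI CIPHER [extra s_client options...]
# Prints the public-key algorithm of the leaf certificate the server
# presents when the client offers only CIPHER: "rsaEncryption" for an
# RSA certificate, "id-ecPublicKey" for an ECDSA one, nothing on failure.
served_key_type() {
    target=$1 sni=$2 cipher=$3
    shift 3
    # -tls1_2: -cipher only limits TLS 1.2-and-older suites; under TLS 1.3
    # the ECDHE-RSA / ECDHE-ECDSA split no longer selects the certificate.
    openssl s_client -connect "$target" -servername "$sni" \
            -tls1_2 -cipher "$cipher" "$@" </dev/null 2>/dev/null |
        openssl x509 -noout -text 2>/dev/null |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# check_dual_cert TARGET SNI [extra s_client options...]
# Returns 0 only if both certificate types are served.
check_dual_cert() {
    target=$1 sni=$2
    shift 2
    rsa=$(served_key_type "$target" "$sni" ECDHE-RSA-AES128-GCM-SHA256 "$@")
    ec=$(served_key_type "$target" "$sni" ECDHE-ECDSA-AES128-GCM-SHA256 "$@")
    echo "RSA suite   -> ${rsa:-handshake failed}"
    echo "ECDSA suite -> ${ec:-handshake failed}"
    [ "$rsa" = "rsaEncryption" ] && [ "$ec" = "id-ecPublicKey" ]
}

# Usage for the setup in the post (STARTTLS on the IMAP port):
#   check_dual_cert imap.server.tdl:143 imap.server.tdl -starttls imap
```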

