Dual certificate

list at airstreamcomm.net
Wed Mar 2 15:01:44 UTC 2016


Google multi-domain certificates. Comodo sells a multi-domain wildcard certificate that we use to host multiple SSL domains on dovecot and postfix successfully. You install the single certificate and reissue and reinstall after adding a new domain.

> On Mar 2, 2016, at 2:02 AM, Jean-Baptiste Vignaud <flint42 at gmail.com> wrote:
> 
> Hello all;
> 
> 
> Does anyone know if it's possible to have a dual certificate setup on
> dovecot like in postfix or apache?
> 
> I tried to add several crts in local name section:
> 
> local_name imap.server.tdl {
> ssl_cert = <server_rsa_crt.pem
> ssl_key = <server_rsa_key.pem
> ssl_cert = <server_ecdsa_crt.pem
> ssl_key = <server_ecdsa_key.pem
> }
> 
> but it seems that dovecot takes the last one (ecdsa) and that rsa cert is
> not used.
> 
> 
> To check if both are working, I check with openssl:
> 
> openssl s_client -connect imap.server.tdl:143 -starttls imap -servername imap.server.tdl -cipher ECDHE-RSA-AES128-GCM-SHA256
> for rsa
> 
> and
> 
> openssl s_client -connect imap.server.tdl:143 -starttls imap -servername imap.server.tdl -cipher ECDHE-ECDSA-AES128-GCM-SHA256
> for ecdsa
> 
> In apache we have to duplicate the cert / key lines, one for rsa, one for
> ecdsa.
> 
> In postfix, we have some specific ecdsa conf keys.
> 
> So is there a way to do the same in dovecot?
> 
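The two-probe check from the question, wrapped as a script (an added example, not part of the original thread). The function names and the sample s_client excerpts are constructed for illustration; `-tls1_2` is added on the assumption of OpenSSL 1.1.1 or later, where `-cipher` only restricts TLS 1.2 and older suites, so a TLS 1.3 handshake would ignore it.

```shell
#!/bin/sh
# Added example: interpret the two s_client probes from the question.
# Function names and sample outputs are constructed for illustration.

# Read `openssl s_client` output on stdin; print which certificate type
# authenticated the handshake: rsa, ecdsa, none (handshake failed) or
# unknown (e.g. TLS 1.3, where the suite name does not name the key type).
classify_probe() {
    line=$(sed -n '/Cipher is /{p;q;}')
    case "$line" in
        ''|*'Cipher is (NONE)'*) echo none ;;
        *TLSv1.3*)               echo unknown ;;
        *-ECDSA-*)               echo ecdsa ;;
        *-RSA-*)                 echo rsa ;;
        *)                       echo unknown ;;
    esac
}

# Combine the RSA-only probe result ($1) and ECDSA-only probe result ($2).
dual_cert_status() {
    case "$1/$2" in
        rsa/ecdsa)  echo dual ;;
        rsa/none)   echo rsa-only ;;
        none/ecdsa) echo ecdsa-only ;;   # the symptom described in the question
        *)          echo inconclusive ;;
    esac
}

# Live probe: HOST CIPHER. -tls1_2 keeps -cipher authoritative.
probe() {
    openssl s_client -connect "$1:143" -starttls imap -servername "$1" \
        -tls1_2 -cipher "$2" </dev/null 2>/dev/null | classify_probe
}

# Constructed s_client excerpts (not captured from a real server).
SAMPLE_ECDSA_OK='CONNECTED(00000003)
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Server public key is 256 bit'
SAMPLE_RSA_FAIL='CONNECTED(00000003)
no peer certificate available
New, (NONE), Cipher is (NONE)'

# Run with the server name as the only argument, e.g. imap.server.tdl
if [ "$#" -eq 1 ]; then
    dual_cert_status "$(probe "$1" ECDHE-RSA-AES128-GCM-SHA256)" \
                     "$(probe "$1" ECDHE-ECDSA-AES128-GCM-SHA256)"
fi
```

A result of `ecdsa-only` or `rsa-only` means one key type is not being served; `inconclusive` usually means the server could not be reached or the probe was not limited to TLS 1.2.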


