Can I set a different certificate per listen port?
Aki Tuomi
aki.tuomi at open-xchange.com
Thu Apr 28 05:30:08 UTC 2022
> On 27/04/2022 22:14 Kees van Vloten <keesvanvloten at gmail.com> wrote:
>
>
> Hi all,
>
> I am trying to set up dovecot to listen to imaps on the local network and
> through haproxy from the internet.
>
> service imap-login {
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
>   inet_listener imaps_haproxy {
>     haproxy = yes
>     port = 10993
>     ssl = yes
>   }
> }
>
> Obviously the dns-name on the internet connection (10993) is different
> than on the lan (993).
>
> In the docs
> (https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/)
> I found multiple options, but unfortunately none of those have the
> option to distinguish per listen port.
>
> Is there a way to set up two different certificates for the two listeners?
>
> - Kees
Hi!
Currently port is not supported. What we usually recommend here is that you use haproxy to distribute connections to different local IP addresses and use:

local 127.0.0.5/32 {
  ssl_cert=</path
  ssl_key=</path
}
Aki
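
A way to check the result of a setup like the one discussed above, as an added example that is not part of the original thread or of Dovecot: connect to each listener, send a PROXY v1 line first where the listener has haproxy = yes, and see whether the certificate presented validates for the name expected on that path. The hostnames, the client address 192.0.2.10 and the targets in the sample list are constructed placeholders.

```python
import ipaddress
import socket
import ssl


def proxy_v1_header(src_ip, dst_ip, src_port, dst_port):
    """Build the PROXY protocol v1 line a proxy sends before any TLS bytes."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if src.version != dst.version:
        raise ValueError("source and destination must be the same IP family")
    family = "TCP4" if src.version == 4 else "TCP6"
    return f"PROXY {family} {src} {dst} {src_port} {dst_port}\r\n".encode("ascii")


def check_listener(host, port, expected_name, proxy_header=None,
                   cafile=None, timeout=5.0):
    """Return (ok, detail): the SAN DNS names if the certificate validates
    for expected_name, otherwise OpenSSL's verification message."""
    ctx = ssl.create_default_context(cafile=cafile)  # hostname check stays on
    with socket.create_connection((host, port), timeout=timeout) as raw:
        if proxy_header:
            # Must arrive before the ClientHello. Dovecot accepts the header
            # only from addresses listed in haproxy_trusted_networks.
            raw.sendall(proxy_header)
        try:
            with ctx.wrap_socket(raw, server_hostname=expected_name) as tls:
                sans = tls.getpeercert().get("subjectAltName", ())
                return True, [value for kind, value in sans if kind == "DNS"]
        except ssl.SSLCertVerificationError as exc:
            return False, exc.verify_message


if __name__ == "__main__":
    # Constructed targets: the LAN listener and the haproxy-facing listener.
    hdr = proxy_v1_header("192.0.2.10", "127.0.0.5", 40000, 10993)
    targets = [
        ("127.0.0.1", 993, "mail.lan.example", None),
        ("127.0.0.5", 10993, "mail.example.com", hdr),
    ]
    for host, port, name, header in targets:
        print(host, port, name, check_listener(host, port, name, header))
```

A result of (False, ...) on one listener means that path is serving a certificate that does not cover the name clients use there, which is the mismatch the question is about.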