Can I set a different certificate per listen port?

Aki Tuomi aki.tuomi at open-xchange.com
Thu Apr 28 05:30:08 UTC 2022


> On 27/04/2022 22:14 Kees van Vloten <keesvanvloten at gmail.com> wrote:
>
> Hi all,
> 
> I am trying to set up dovecot to listen to imaps on the local network and 
> through haproxy from the internet.
> 
> service imap-login {
>    inet_listener imaps {
>      port = 993
>      ssl = yes
>    }
>    inet_listener imaps_haproxy {
>      haproxy = yes
>      port = 10993
>      ssl = yes
>    }
> }
> 
> Obviously the dns-name on the internet connection (10993) is different 
> than on the lan (993).
> 
> In the docs 
> (https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/) 
> I found multiple options, but unfortunately none of those have the 
> option to distinguish per listen port.
> 
> Is there a way to set up two different certificates for the two listeners?
> 
> - Kees

Hi!

Currently port is not supported. What we usually recommend here is that you use haproxy to distribute connections to different local IP addresses and use

local 127.0.0.5/32 {
  ssl_cert=</path
  ssl_key=</path
}

Aki

