On Wed, Mar 2, 2016 at 3:44 PM, Timo Sirainen <t...@iki.fi> wrote: > > > Would it work if you had a single .pem file containing both certs and a > single file containing both keys? >
OK, just tried this configuration but only the first certificate is working. I used this order : rsa cert, ecdsa cert, intermediate and this one : rsa cert, intermediate, ecdsa cert, intermediate in this case, both rsa and ec are signed by the same intermediate. > > In apache we have to duplicate the cert / key lines one for rsa, one for > > edcda. > > > > In postfix, we have some specific ecdsa conf keys. > > > > So is there a way to do the same in dovecot ? > > Looks like from OpenSSL code point of view the same cert/key loading > functions can simply be called multiple times. There's currently no way to > trigger that in Dovecot. But maybe the single .pem file would happen to > work as well? If not, this would need some config changes and I'm not sure > what would be the nicest way.. > Perhaps the same way as postfix, to have a ssl_ecdsa_cert and a ssl_ecsda_key parameters ? Anyway, this is not urgent matters, it's just that now that let's encrypt give free rsa and ec certificates i wanted to use them both :)