
I have a Dovecot default certificate "dovecot.pem" which is for localhost.
My email client uses "domain1" and "domain2" as email hosts.
Therefore I have two more self-signed certificates "domain1.crt" and "domain2.crt".

Now, how do I create a chained SSL certificate for Dovecot, including domain1 and domain2?

udgru

1 Answer


Now, how do I create a chained ssl certificate for Dovecot, including domain1 and domain2?

The term chained certificate is used when there are intermediate certificates between a certificate and the root certificate.

Your ultimate goal is providing the Dovecot service with SSL for multiple domains. Your current Dovecot configuration is using the default localhost.pem and you want Dovecot to serve it with certificates for two domains. So, we have two alternative solutions here:

  1. Generate new self-signed-certificate with Subject Alternative Name (SAN). You can use some tutorial in

  2. Use the SNI capabilities of the Dovecot server. Unfortunately, this only works with client TLS SNI (Server Name Indication) support. To do this you need the local_name parameter.

    local_name imap.example.org {
      ssl_cert = </etc/ssl/certs/imap.example.org.crt
      ssl_key = </etc/ssl/private/imap.example.org.key
    }
    
    local_name imap.example2.org {
      ssl_cert = </etc/ssl/certs/imap.example2.org.crt
      ssl_key = </etc/ssl/private/imap.example2.org.key
    }
    

The other alternative is using a single, global IMAP domain for your server. For example, instead of telling the client to connect to "domain1" or "domain2", you can tell it to connect to "myimap.example.com", which handles both "domain1" and "domain2". Many IMAP and POP3 clients don't have SNI capabilities.

masegaloeh
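As an added example, not part of the answer above or of Dovecot itself: a small POSIX shell script covering both options the answer describes. `gen_san_cert` produces the single self-signed certificate with a Subject Alternative Name for every mail hostname (option 1), `san_names` reads those names back so you can confirm the certificate actually carries them before pointing `ssl_cert = <...` and `ssl_key = <...` at it, and `check_sni` shows which certificate a running Dovecot hands out for a given SNI name (option 2). The hostnames (`imap.example.com`, `domain1`, `domain2`), output file names and the IMAPS port are assumptions for illustration.

```shell
#!/bin/sh
# Added example: self-signed SAN certificate for several mail hostnames,
# plus checks for the SAN list and for Dovecot's per-name (SNI) answer.
set -eu

# gen_san_cert OUTDIR CN HOST1 [HOST2 ...]
# Writes OUTDIR/dovecot.key and OUTDIR/dovecot.pem; every HOST becomes a
# DNS entry in subjectAltName, which is what clients match the name against.
gen_san_cert() {
  dir=$1; cn=$2; shift 2
  san=""
  for h in "$@"; do
    san="${san:+$san,}DNS:$h"
  done
  # Extensions are supplied through a config file rather than -addext so
  # the script also works with OpenSSL releases older than 1.1.1.
  cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_req
prompt = no
[dn]
CN = $cn
[v3_req]
subjectAltName = $san
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$dir/dovecot.key" -out "$dir/dovecot.pem" \
    -config "$dir/san.cnf" >/dev/null 2>&1
}

# san_names CERT
# Prints the DNS names in the certificate's subjectAltName, one per line.
san_names() {
  openssl x509 -in "$1" -noout -text 2>/dev/null \
    | tr ',' '\n' | sed -n 's/.*DNS:\([^ ,]*\).*/\1/p'
}

# check_sni HOST:PORT SERVERNAME
# Connects with implicit TLS (assumed port 993), sends SERVERNAME in the
# ClientHello and prints the subject of the certificate Dovecot returned,
# so you can see whether the local_name block for that name was selected.
# For STARTTLS on port 143 add "-starttls imap" to the s_client call.
check_sni() {
  openssl s_client -connect "$1" -servername "$2" </dev/null 2>/dev/null \
    | openssl x509 -noout -subject
}

# Usage: sh san-cert.sh OUTDIR CN HOST1 [HOST2 ...]
if [ "$#" -ge 3 ]; then
  gen_san_cert "$@"
  echo "subjectAltName entries in $1/dovecot.pem:"
  san_names "$1/dovecot.pem"
fi
```

Running `sh san-cert.sh /etc/ssl/dovecot imap.example.com domain1 domain2` (assumed paths) yields one key pair whose certificate lists both names; after reloading Dovecot, `check_sni mail.example.com:993 domain1` and `check_sni mail.example.com:993 domain2` should both print a subject from that certificate, whereas with the SNI approach each call should print the subject of the certificate named in the matching `local_name` block.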