The most important SSL settings are (in conf.d/10-ssl.conf):
# "yes" enables TLS support; it does not by itself force clients to use it.
# Use "ssl = required" if connections must not proceed without TLS.
ssl = yes
# The leading "<" makes Dovecot read the setting's value from the named file.
# Preferred permissions: root:root 0444
ssl_cert = </etc/ssl/certs/dovecot.pem
# Preferred permissions: root:root 0400
# Keep the private key readable by root only: anyone who can read it can
# impersonate this server to clients.
ssl_key = </etc/ssl/private/dovecot.pem
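If you have multiple IPs available, assigning a separate certificate to each IP address (as shown below) is guaranteed to work with all clients, because the certificate is selected by the address the client connected to rather than by any feature the client has to support.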
# Each "local" block applies to connections arriving on that server address,
# and each nested "protocol" block sets the certificate/key pair served for
# that protocol on that address.
# The per-host key files need the same restrictive permissions as the default
# key (root:root 0400); every ssl_cert must be paired with its matching ssl_key.
local 192.0.2.10 { # instead of IP you can also use hostname, which will be resolved
protocol imap {
ssl_cert = </etc/ssl/dovecot/imap-01.example.com.cert.pem
ssl_key = </etc/ssl/dovecot/imap-01.example.com.key.pem
}
protocol pop3 {
ssl_cert = </etc/ssl/dovecot/pop-01.example.com.cert.pem
ssl_key = </etc/ssl/dovecot/pop-01.example.com.key.pem
}
}
# Second server address, with its own IMAP and POP3 certificate/key pairs.
local 192.0.2.20 {
protocol imap {
ssl_cert = </etc/ssl/dovecot/imap-02.example.com.cert.pem
ssl_key = </etc/ssl/dovecot/imap-02.example.com.key.pem
}
protocol pop3 {
ssl_cert = </etc/ssl/dovecot/pop-02.example.com.cert.pem
ssl_key = </etc/ssl/dovecot/pop-02.example.com.key.pem
}
}
Note that you will still need a top-level "default" ssl_key and ssl_cert as well, or you will receive errors.