similar to: Different SSL certificates per IP and protocol

I've tried setting up multiple SSL-Certificates (using letsencrypt) for dovecot on my ubuntu machine. Used dovecot version is 2.2.18. Regarding to official docs this should be working. My test-client (Thunderbird on linux) has been mentioned to be working fine with SNI here: https://wiki.dovecot.org/SSL/SNIClientSupport https://wiki.dovecot.org/SSL/DovecotConfiguration#line-89 >

Hi I have some problem with SNI and dovecot 2.2.36.4 Server debian 9.x ad dovecot-2.2.36.4 default server ssl cert is a wildcard like *.domain.com (digicert) ssl_ca = /var/control/cert.pem ssl_cert = </var/control/cert.pem I added for test another domain (in dns to) for another ssl (letsencrypt) from https://wiki.dovecot.org/SSL/DovecotConfiguration like: local_name

I have to manage 2 different domains, with 1 ssl certificate each, but I don't know how to configure them. I tried this example: "Different certificates per IP and protocol" http://wiki2.dovecot.org/SSL/DovecotConfiguration but I got this error: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set I dont find any documentation

On Tue, Nov 26, 2019 at 11:22 PM Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > > On 21.11.2019 23.57, Marc Roos via dovecot wrote: > > Is it possible to configure a network for a cert instead of an ip? > > > > Something like this: > > > > local 192.0.2.0 { > > ssl_cert = </etc/ssl/dovecot/imap-02.example.com.cert.pem > >

On Wed, Nov 27, 2019 at 11:31 AM Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > On 27/11/2019 21:28 Mark Moseley via dovecot <dovecot at dovecot.org> > wrote: > > > > > > On Tue, Nov 26, 2019 at 11:22 PM Aki Tuomi via dovecot < > dovecot at dovecot.org> wrote: > > > > > > On 21.11.2019 23.57, Marc Roos via dovecot

I don't understand how to use multiple keys/certs on different IPs without SNI. http://wiki2.dovecot.org/SSL/DovecotConfiguration explains how to use different keys for different protocols like POP3 and IMAP. But how to bind those keys/ on IPs/Ports? Looks like it is not possible to use ssl_cert inside service { inet_listener {} } Is it still necessary to run multiple instances like

Is it possible to configure a network for a cert instead of an ip? Something like this: local 192.0.2.0 { ssl_cert = </etc/ssl/dovecot/imap-02.example.com.cert.pem ssl_key = </etc/ssl/dovecot/imap-02.example.com.key.pem } Or local 192.0.2.0/24 { ssl_cert = </etc/ssl/dovecot/imap-02.example.com.cert.pem ssl_key = </etc/ssl/dovecot/imap-02.example.com.key.pem }

On 08/14/15 20:30, dravion.smith at gmx.net wrote: > > ### CORRECTION > Am 15.08.2015 um 03:22 schrieb dravion.smith at gmx.net: >> >> #### BUT #### >> If i try something like this in /etc/dovecot/conf.d/10-ssl.conf >> local_name imap.mydomain01.tld >> local imap.mydomain01.tld { >> protocol imap { >> ssl_cert = >>

Hi, I'm using the Dovecot Prebuilt Binary: deb http://xi.rename-it.nl/debian/ stable-auto/dovecot-2.2 main I configured multiple SSL certificates with client TLS SNI (see http://wiki2.dovecot.org/SSL/DovecotConfiguration). Since my last update I get some warnings: doveconf: Warning: /etc/dovecot/conf.d/10-ssl.conf line 12: Global setting ssl_cert won't change the setting inside an

Hi. Little story :-) I'm playing with dovecot 2.2.25 and multiple SSL certificates. ~7000 certificates which are loaded twice, so my dovecot has ~14 000 certificate pairs (14k key + 14k cert) in config. 14 000 local_name entries. Like these: local_name imap.example.com { ssl_cert = </etc/certs/cert1.pem ssl_key = </etc/certs/cert1.pem } local_name pop3.example.com { ssl_cert =

Thanks Michael I will check with the free cert lets encrypt to test it. Remo > Il giorno 7 set 2019, alle ore 02:09, Michael Hallager via dovecot <dovecot at dovecot.org> ha scritto: > > ?On 2019-09-07 12:25, remo--- via dovecot wrote: >> What is the best way to adopt multiple certs? >> Thanks. > > /etc/dovecot/conf.d/10-ssl.conf > > Primary SSL

Hi all, Ok, been wanting to do this for a while, and I after the Heartbleed fiasco, the boss finally agreed to let me buy some real certs... Until now, we've been using self-signed certs with the following dovecot config: ssl = required ssl_cert = </etc/ssl/ourCerts/imap.pem ssl_key = </etc/ssl/ourCerts/imap_key.pem Now, I've created new keys/certs and the CSR, got the new

Hello Aki and all, The below lines are in the dovecot config file. This seems to be the same as Aki's suggestion. correct? I have also double checked file perms, tried with several new key gens, several versions of thunderbird and created completely new thunderbird profiles. Thank you, ssl_cert = </etc/letsencrypt/live/...../fullchain.pem ssl_key =

Hi, This topic has been discussed before e.g: <QUOTE> On 2008-08-07, at 1143, Kacper Wysocki wrote: The problem is that the configuration file specifies only one certificate file for dovecot, which means only one Common Name, which means one cannot provide one server cert that will match mail.foo.com AND mail.bar.com, and either ma... at foo.com or bo... at bar.com will get a

s_client: Option unknown option -trace *** x509: Unknown parameter text On 5/25/20 11:49 AM, Aki Tuomi wrote: > Hi! > > Can you do > > openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem > > and check these things: > > your server hostname isn included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see

List, good afternoon, I was reading up on a TLS Diffie Hellman protocol weakness described here https://weakdh.org/sysadmin.html which is similar to the earlier FREAK attack, and can result in downgrade of cipher suites. Part of the solution workaround that the researchers describe for Dovecot here https://weakdh.org/sysadmin.html includes altering DH parameters length to 2048, and

When running Dovecot with Postfix under Virtualmin on my VPS, I was wondering if there was a way for it to handle a separate certificate for each domain and IP address? Thank you.

Hello, I would like to set up an authentication using certificate with Dovecot: A user sends mail to Postfix and Dovecot authentication is valid only if certificate is trusted. So, I enable the parameter auth_ssl_require_client_cert in dovecot configuration but it is not running. Here are the postfix logs: Aug 16 09:51:48 myserver dovecot: auth: Debug: Loading modules from directory:

Hello, I'm using dovecot v2.0.21. According to http://wiki2.dovecot.org/SSL/DovecotConfiguration,dovecot 2.x supports different SSL certificate for different virtual hosts by using "local_name" directive, but I can't get it to work. When testing the certificate using "openssl s_client -connect domain.com:pop3s" I get the default certificate instead of

> On Jul 29, 2018, at 6:02 PM, Alexander Dalloz <ad+lists at uni-x.org> wrote: > > Am 29.07.2018 um 21:02 schrieb J Doe: >> Hello, >> I have a question regarding SSL/TLS settings for Dovecot version 2.2.22. >> In: 10-ssl.conf there are two parameters: >> ssl_protocols >> ssl_cipher_list >> ssl_protocols is commented with ?SSL protocol to