one thing would be fine too

* having a PEM file with Cert/Key/Intermediate-CA
* in that case no need for "ssl_ca_name" in "ssl_multicert.config"

the valid use case here is that the wildcard-cert we are using starting with 2014/01 is used for mail, http and whatnot - dovecot has no config for the CA file, so the PEM file contains already the full chain which looks like at the bottom

in case of different certs from different CAs used for different services this may make things less error-prone, not a big deal, only a wish if someone has the knowledge and is willing to implement it
__________________________________________

http://wiki2.dovecot.org/SSL/DovecotConfiguration

Chained SSL certificates

Put all the certificates in the ssl_cert file. For example when using a certificate signed by TDC the correct order is:

Dovecot's public certificate
TDC SSL Server CA
TDC Internet Root CA
Globalsign Partners CA
__________________________________________

[root@proxy:~]$ cat /etc/pki/wildcard.pem
-----BEGIN CERTIFICATE-----
********************
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
********************
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
********************
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
********************
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
********************
-----END CERTIFICATE-----
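Added example, not part of the original message and not code from any project it mentions: a standard-library Python sketch that reads a combined PEM file laid out as in the message above (certificate, private key, CA certificates) and splits it into a chain file and a separate key file for software that wants them apart. The function names are hypothetical and the sample block bodies are constructed placeholders, not real DER.

```python
import base64
import re

# Hypothetical helper names; only the Python standard library is used.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END ([A-Z0-9 ]+)-----",
    re.DOTALL)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

def parse_pem_bundle(text):
    """Return [(label, decoded_bytes), ...] in file order."""
    blocks = []
    for begin, body, end in PEM_BLOCK.findall(text):
        if begin != end:
            raise ValueError(f"BEGIN {begin} closed by END {end}")
        # validate=True rejects stray characters instead of skipping them
        der = base64.b64decode("".join(body.split()), validate=True)
        blocks.append((begin, der))
    return blocks

def to_pem(label, der):
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]) + "\n"

def split_bundle(text):
    """Split a combined bundle into (chain_pem, key_pem).

    Certificates keep their file order: server certificate first, then CAs.
    """
    certs, keys = [], []
    for label, der in parse_pem_bundle(text):
        if label == "CERTIFICATE":
            certs.append(der)
        elif label in KEY_LABELS:
            keys.append((label, der))
        else:
            raise ValueError(f"unexpected PEM block: {label}")
    if not certs:
        raise ValueError("no certificate in bundle")
    if len(keys) != 1:
        raise ValueError(f"expected exactly one private key, found {len(keys)}")
    chain = "".join(to_pem("CERTIFICATE", c) for c in certs)
    return chain, to_pem(*keys[0])

# Constructed sample in the same block order as the wildcard.pem listing above.
SAMPLE = "".join(to_pem(label, body) for label, body in [
    ("CERTIFICATE", b"constructed-server-cert"), ("PRIVATE KEY", b"constructed-key"),
    ("CERTIFICATE", b"constructed-ca-1"), ("CERTIFICATE", b"constructed-ca-2"),
    ("CERTIFICATE", b"constructed-ca-3")])
```

The chain output contains no key material, so only the key file needs restrictive permissions (for example mode 0600) when written to disk.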
