SSL Configuration
For more details see:
disable_plaintext_auth = no
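Controls whether plaintext authentication is allowed or clients are required to always use SSL/TLS. With the value no shown here, plaintext authentication is not disabled, so clients are not required to use SSL/TLS before authenticating.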
ssl_cert = </etc/dovecot/dovecot.crt
ssl_key = </etc/dovecot/dovecot.key
SSL certificate and SSL secret key files. You must use the < prefix so Dovecot reads the cert/key from the file. (Without < Dovecot assumes that the certificate is directly included in the dovecot.conf.)
To use different SSL certificates for different IP addresses, put them inside local {} blocks:
local 10.0.0.1 {
  ssl_cert = </etc/dovecot/dovecot.crt
  ssl_key = </etc/dovecot/dovecot.key
}
local 10.0.0.2 {
  ssl_cert = </etc/dovecot/dovecot2.crt
  ssl_key = </etc/dovecot/dovecot2.key
}
If you need different SSL certificates for IMAP and POP3 protocols, you can put them inside protocol {} blocks:
local 10.0.0.1 {
  protocol imap {
    ssl_cert = </etc/dovecot/dovecot-imap.crt
    ssl_key = </etc/dovecot/dovecot-imap.key
  }
  protocol pop3 {
    ssl_cert = </etc/dovecot/dovecot-pop3.crt
    ssl_key = </etc/dovecot/dovecot-pop3.key
  }
}
Dovecot also supports using the TLS SNI extension to serve different SSL certificates based on the server name when only a single IP address is used, but TLS SNI isn’t yet supported by all clients, so that may not be very useful.
It can still be configured by using local_name imap.example.com {} blocks.
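
A check for the < prefix rule and the scoping described above, as an added example that is not part of the Dovecot documentation or code. The audit function, the sample file contents and the certificate paths under local_name are constructed for illustration, and the parser handles only the simple "key = value" and "name {" forms shown on this page.

```python
import re

# Constructed sample config (not from the page): the IMAP ssl_key lacks "<".
SAMPLE_CONF = """\
disable_plaintext_auth = no
ssl_cert = </etc/dovecot/dovecot.crt
ssl_key = </etc/dovecot/dovecot.key
local 10.0.0.1 {
  protocol imap {
    ssl_cert = </etc/dovecot/dovecot-imap.crt
    ssl_key = /etc/dovecot/dovecot-imap.key
  }
}
local_name imap.example.com {
  ssl_cert = </etc/dovecot/imap.example.com.crt
  ssl_key = </etc/dovecot/imap.example.com.key
}
"""

SETTING = re.compile(r"^(\w+)\s*=\s*(.*)$")

def audit(conf_text):
    """Return (settings, findings); settings maps (scope, key) -> value."""
    scope, settings, findings = [], {}, []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # simplified comment handling
        if line == "}":
            if scope:
                scope.pop()                  # leave the innermost block
            continue
        if line.endswith("{"):
            scope.append(line[:-1].strip())  # e.g. "local 10.0.0.1"
            continue
        m = SETTING.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        where = " > ".join(scope) or "global"
        settings[(where, key)] = value
        # Without "<" the value is taken as inline PEM, so a bare path is a mistake.
        if key in ("ssl_cert", "ssl_key") and not value.startswith("<") and "BEGIN" not in value:
            findings.append((lineno, where, f"{key} lacks '<' prefix; not read from file"))
        if key == "disable_plaintext_auth" and value == "no":
            findings.append((lineno, where, "plaintext authentication is not disabled"))
    return settings, findings

if __name__ == "__main__":
    for lineno, where, message in audit(SAMPLE_CONF)[1]:
        print(f"line {lineno} [{where}]: {message}")
```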