> Since X25519 is not the first "encrypt-only" algorithm in the > OpenSSL universe, how was requesting certificates handled for > such algorithms in the past? It wasn't. > For example how would one request a DH certificate? You couldn't. I don't recall anyone ever asking for such a thing on the public lists.