[openssl-users] Creating an X25519-based Certificate
Matt Caswell
matt at openssl.org
Thu Jun 30 16:11:58 UTC 2016
On 30/06/16 16:54, Salz, Rich wrote:
>> Since X25519 is not the first "encrypt-only" algorithm in the
>> OpenSSL universe, how was requesting certificates handled for
>> such algorithms in the past?
>
> It wasn't.
>
>> For example how would one request a DH certificate?
>
> You couldn't.
>
> I don't recall anyone ever asking for such a thing on the public lists.
>
There is no standardised way of requesting a DH certificate that I know of.
Nonetheless OpenSSL does support the generation of DH certificates, but
it's a bit nasty:
https://security.stackexchange.com/questions/44251/openssl-generate-different-types-of-self-signed-certificate/82868#82868
Matt
More information about the openssl-users
mailing list