[openssl-users] How to use RSA certificate and ECC certificate simutaneously

maoly527 at 163.com
Wed Nov 21 08:11:40 UTC 2018


Hi Viktor, Many thanks for your response.

We are using SSL_CTX_use_certificate() instead of SSL_CTX_use_certificate_chain_file(). Does it also support multiple certificate chains?

And as I know, OpenSSL 1.0.2 and later have a separate chain store for each type of certificate (RSA, ECC or DSA),
Is there any bad impact to call it multiple times for same type of certificate?



Best Regards,
Jane

At 2018-11-20 23:44:59, "Viktor Dukhovni" <openssl-users at dukhovni.org> wrote:
>> On Nov 20, 2018, at 9:48 AM, maoly527 <maoly527 at 163.com> wrote:
>> 
>> Does anyone know how to use RSA and ECC certificate simultaneously in one server?
>
>You just configure two private keys and two certificate chains by calling:
>
>  if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) {
>	/* error */;
>  }
>  if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
>       /* error */;
>  }
>  if (SSL_CTX_check_private_key(ctx) != 0) {
>	/* error */;
>  }	
>
>once for each "cert_file" and associated "key_file" (the same file often
>holds both, in which case cert_file == key_file).  The SSL error stack
>will contain error details.
>
>The SSL library will automatically select the appropriate key and certificate
>chain.
>
>-- 
>	Viktor.
>
>-- 
>openssl-users mailing list
>To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181121/d720c430/attachment.html>


More information about the openssl-users mailing list