Multi root certs support
Tomas Mraz
tomas at openssl.org
Fri Mar 11 13:49:05 UTC 2022
Yes, this is a fully supported scenario.
You can even test it with the openssl s_server command - use -cert, -
key, and -cert_chain for the first certificate and -dcert, -dkey, and -
dcert_chain with the second one.
Tomas Mraz
On Fri, 2022-03-11 at 13:19 +0000, Kris Kwiatkowski wrote:
> Hello,
>
> On my server, I would like to support 2 certificate chains. One
> chain
> would be signed with RSA and the other with EdDSA (so 2 complatelly
> different
> chains with 2 root certificates). Then, let say, new clients that
> support
> EdDSA will choose to use it, otherwise I'll serve RSA for everybody
> else.
>
> I think a protocol can support such setup (only interested in
> TLSv1.3), but
> is that feature implementated by OpenSSL?
>
> Kind regards,
> Kris
>
>
--
Tomáš Mráz, OpenSSL
More information about the openssl-users
mailing list