[openssl-users] DH-RSA and DH-DSS certificate creation

Matt Caswell matt at openssl.org
Wed Nov 4 00:29:35 UTC 2015



On 03/11/15 23:33, Jayadev Kumar wrote:
> Hi,
> 
> Can I create DH-RSA and DH-DSS certificates using openssl?

Yes.

> 
> If yes, which openssl version has support for it?

1.0.2

> 
> Can I use DH-RSA and DH-DSS certificates with the 'openssl s_server'
> application?

Yes from version 1.0.2.

You cannot create "self-signed" DH certificates because DH is not a
signing algorithm. Therefore you *must* get a certificate from some kind
of CA. Depending on what you want to use it for, the easiest way is to
create your own CA (using an RSA key if you want DH-RSA, or a DSS key if
you want DH-DSS).

Once you have set up a CA you can create the DH certificate as described
in this answer on Stack Exchange:
http://security.stackexchange.com/a/82868

Matt
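
The workflow described in the message above, written out as an added example (it is not part of the original post and is not copied from the linked answer): a throwaway RSA CA issues a certificate whose public key is a DH key, using the `-force_pubkey` option that `openssl x509` gained in 1.0.2. All file names and subject names are constructed for illustration.

```shell
#!/bin/sh
# Added example: issue a DH-RSA certificate from a private RSA test CA.
# File names and subject names below are constructed, not from the post.

# usage: make_dh_rsa_cert DIR [DH_BITS]   (runs in a subshell, cwd untouched)
make_dh_rsa_cert() (
    dir=$1; bits=${2:-2048}
    mkdir -p "$dir" && cd "$dir" || exit 1

    # 1. The CA. An RSA key gives DH-RSA; use a DSA key here for DH-DSS.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Example Test CA" \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1

    # 2. DH parameters, then the static DH key pair for the certificate.
    openssl dhparam -out dhparam.pem "$bits" 2>/dev/null || exit 1
    openssl genpkey -paramfile dhparam.pem -out dh.key 2>/dev/null || exit 1
    openssl pkey -in dh.key -pubout -out dh.pub || exit 1

    # 3. DH cannot sign, so the request is signed with a temporary RSA
    #    key. Only the subject name of this request ends up in the cert.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=dh.example.test" \
        -keyout tmp.key -out tmp.csr 2>/dev/null || exit 1

    # 4. The CA signs; -force_pubkey replaces the request's RSA key with
    #    the DH public key in the issued certificate.
    openssl x509 -req -in tmp.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -force_pubkey dh.pub -sha256 -days 30 \
        -out dh.crt 2>/dev/null || exit 1

    # The temporary RSA key has no further use; do not leave it around.
    rm -f tmp.key tmp.csr
)

# usage: cert_carries_dh_key DIR
# Succeeds only if dh.crt holds exactly the DH public key from dh.pub
# and names the test CA as issuer.
cert_carries_dh_key() {
    [ "$(openssl x509 -in "$1/dh.crt" -noout -pubkey)" = "$(cat "$1/dh.pub")" ] &&
    openssl x509 -in "$1/dh.crt" -noout -issuer | grep -q "Example Test CA"
}
```

After `make_dh_rsa_cert ./dhdemo`, the pair `dh.crt` and `dh.key` is what a server would load, and `cert_carries_dh_key ./dhdemo` confirms the swap took effect.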

