[openssl-users] DH-RSA and DH-DSS certificate creation
matt at openssl.org
Wed Nov 4 00:29:35 UTC 2015
On 03/11/15 23:33, Jayadev Kumar wrote:
> Can i create DH-RSA and DH-DSS certificate using openssl ?
> If yes, Which openssl version has the support for it ?
> Can i use DH-RSA and DH-DSS certificate with 'openssl s_server'
> application ?
Yes from version 1.0.2.
You cannot create "self-signed" DH certificates because DH is not a
signing algorithm. Therefore you *must* get a certificate from some kind
of CA. Dependant on what you want to use it for the easiest way is to
create your own CA (using an RSA key if you want DH-RSA, or a DSS key if
you want DH-DSS).
Once you have set up a CA you can create the DH certificate as described
in this answer on stackexchange:
More information about the openssl-users