[openssl-users] DH-RSA and DH-DSS certificate creation

Jayadev Kumar jayadev.kumar at gmail.com
Wed Nov 4 16:08:51 UTC 2015


Thanks Matt !

On Tue, Nov 3, 2015 at 4:29 PM, Matt Caswell <matt at openssl.org> wrote:

>
>
> On 03/11/15 23:33, Jayadev Kumar wrote:
> > Hi,
> >
> > Can i create DH-RSA and DH-DSS  certificate using openssl ?
>
> Yes.
>
> >
> > If yes, Which openssl version has the support for it ?
>
> 1.0.2
>
> >
> > Can i use DH-RSA and DH-DSS certificate with 'openssl s_server'
> > application ?
>
> Yes from version 1.0.2.
>
> You cannot create "self-signed" DH certificates because DH is not a
> signing algorithm. Therefore you *must* get a certificate from some kind
> of CA. Dependant on what you want to use it for the easiest way is to
> create your own CA (using an RSA key if you want DH-RSA, or a DSS key if
> you want DH-DSS).
>
> Once you have set up a CA you can create the DH certificate as described
> in this answer on stackexchange:
> http://security.stackexchange.com/a/82868
>
> Matt
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151104/67e7570f/attachment.html>


More information about the openssl-users mailing list