[openssl-users] How to use RSA certificate and ECC certificate simutaneously

Viktor Dukhovni openssl-users at dukhovni.org
Wed Nov 21 17:24:06 UTC 2018

> On Nov 21, 2018, at 3:11 AM, 毛 <maoly527 at 163.com> wrote:
> We are using SSL_CTX_use_certificate() instead of 
> SSL_CTX_use_certificate_chain_file().

Do you then add chain certificates one by one?

> Does it also support multiple certificate chains?

I believe it will work correctly in 1.1.x, and perhaps in 1.0.2, but
it has been a while since I've looked at the details.  Check the
documentation and if necessary the source code.  If the documentation
fails to describe this adequately, please open an issue on Github.

> And as I know, OpenSSL 1.0.2 and later have a separate chain store for
> each type of certificate (RSA, ECC or DSA), Is there any bad impact to
> call it multiple times for same type of certificate?

No, but only the last key/cert loaded for a given algorithm will be
used, any previous setting will be replaced.  Make sure always load
both to avoid having a certificate that does not match the private key.


More information about the openssl-users mailing list