Multi root certs support

Tomas Mraz tomas at openssl.org
Fri Mar 11 13:49:05 UTC 2022


Yes, this is a fully supported scenario.

You can even test it with the openssl s_server command - use -cert,
-key, and -cert_chain for the first certificate and -dcert, -dkey, and
-dcert_chain with the second one.

Tomas Mraz

On Fri, 2022-03-11 at 13:19 +0000, Kris Kwiatkowski wrote:
> Hello,
>  
>  On my server, I would like to support 2 certificate chains. One chain
>  would be signed with RSA and the other with EdDSA (so 2 completely different
>  chains with 2 root certificates). Then, let's say, new clients that support
>  EdDSA will choose to use it, otherwise I'll serve RSA for everybody else.
>  
>  I think a protocol can support such a setup (only interested in TLSv1.3), but
>  is that feature implemented by OpenSSL?
>  
>  Kind regards,
>  Kris
> 
>  

-- 
Tomáš Mráz, OpenSSL
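
The s_server test described in the reply, written out as an added example (not part of the original thread and not OpenSSL project code). It builds two unrelated root -> intermediate -> leaf chains and loads them into the two certificate slots. Assumptions: Ed25519 stands in for EdDSA, and the file names, subject names and port 4433 are constructed for illustration.

```shell
#!/bin/sh
# Added example; file names, subjects and port 4433 are constructed.

# issue OUT KEY SUBJ EXTFILE SERIAL SIGNER_ARGS...: make a CSR for KEY and sign it.
issue() {
  out=$1 key=$2 subj=$3 ext=$4 serial=$5; shift 5
  openssl req -new -key "$key" -subj "$subj" -out "$out.csr" &&
  openssl x509 -req -in "$out.csr" -days 30 -set_serial "$serial" \
    -extfile "$ext" "$@" -out "$out" 2>/dev/null
}

# make_chain DIR TAG GENPKEY_ARGS...: root -> intermediate -> leaf, one key type.
make_chain() {
  d=$1 t=$2; shift 2
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  printf 'subjectAltName=DNS:localhost\n' > "$d/leaf.ext"
  for n in root int leaf; do
    openssl genpkey "$@" -out "$d/$t-$n.key" 2>/dev/null || return 1
  done
  issue "$d/$t-root.pem" "$d/$t-root.key" "/CN=$t root" "$d/ca.ext" 1 \
    -signkey "$d/$t-root.key" &&
  issue "$d/$t-int.pem" "$d/$t-int.key" "/CN=$t intermediate" "$d/ca.ext" 2 \
    -CA "$d/$t-root.pem" -CAkey "$d/$t-root.key" &&
  issue "$d/$t-leaf.pem" "$d/$t-leaf.key" "/CN=localhost" "$d/leaf.ext" 3 \
    -CA "$d/$t-int.pem" -CAkey "$d/$t-int.key"
}

# serve DIR: RSA chain in the primary slot, Ed25519 chain in the -d* slot.
serve() {
  openssl s_server -accept 4433 -tls1_3 -www \
    -cert "$1/rsa-leaf.pem" -key "$1/rsa-leaf.key" -cert_chain "$1/rsa-int.pem" \
    -dcert "$1/ed-leaf.pem" -dkey "$1/ed-leaf.key" -dcert_chain "$1/ed-int.pem"
}

# probe DIR TAG SIGALGS: offer only SIGALGS, trust only TAG's root, show the result.
probe() {
  openssl s_client -connect localhost:4433 -tls1_3 -sigalgs "$3" \
    -CAfile "$1/$2-root.pem" -verify_return_error </dev/null 2>/dev/null |
    grep -E 'Peer signature type|Verify return code'
}

# verify_chain DIR TAG: offline check that TAG's leaf chains to TAG's root.
verify_chain() {
  openssl verify -CAfile "$1/$2-root.pem" -untrusted "$1/$2-int.pem" "$1/$2-leaf.pem" >/dev/null 2>&1
}

case "${1:-}" in
  serve) dir=$(mktemp -d) && make_chain "$dir" rsa -algorithm RSA -pkeyopt rsa_keygen_bits:2048 &&
         make_chain "$dir" ed -algorithm ED25519 && echo "chains in $dir" && serve "$dir" ;;
  probe) shift; probe "$@" ;;
esac
```

Run it with `serve` in one terminal, then in another run `probe DIR ed ed25519` and `probe DIR rsa rsa_pss_rsae_sha256:rsa_pkcs1_sha256`, where DIR is the directory the server printed. The `Peer signature type` line shows which chain the server selected for each client.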



