I want to use TLS/SSL on my website (VPS is CentOS with a LAMP stack), but I want to use Elliptic Curve Cryptography for the cipher and sha256 (or other SHA-2 algorithm) for the signature hash algorithm. I am currently using RSA with SHA256, but want to change.
I know that TLS/SSL includes the cipher/security algorithm (like RSA or ECC) together with a signature hash algorithm (SHA-1, or one of the SHA-2 algorithms), and I know that RSA with SHA-1 is the most common currently.
I am using TLS/SSL with RSA and sha256, but it fails when I attempt to apply an ECC TLS. Please help.
I create my ECC private key and CSR with these OpenSSL commands:
openssl ecparam -genkey -text -name secp521r1 -out example-ecc.key
openssl req -new -key example-ecc.key -sha256 -out example-ecc.csr
I got the TLS/SSL Certificate back from a CA, and modified the .conf file to change from the RSA cert to the ECC cert, but then Apache won't start.
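An added example, not part of the original post: a shell check that the key and CSR produced by the two commands above use the intended curve and signature hash and belong together. The function names, the `-subj` value and the temporary directory are assumptions made for this example.

```shell
#!/bin/sh
# Added example: inspect an EC key and CSR created with the question's commands.
# Function names, the -subj value and the temp directory are constructed here.

make_key_and_csr() {   # $1 = working directory
    openssl ecparam -genkey -text -name secp521r1 \
        -out "$1/example-ecc.key" 2>/dev/null &&
    openssl req -new -key "$1/example-ecc.key" -sha256 \
        -subj "/CN=example.com" -out "$1/example-ecc.csr" 2>/dev/null
}

key_curve() {          # $1 = key file; prints the named curve of the private key
    openssl ec -in "$1" -noout -text 2>/dev/null | sed -n 's/^ASN1 OID: //p'
}

csr_sig_alg() {        # $1 = CSR file; prints the CSR's signature algorithm
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

csr_matches_key() {    # $1 = key file, $2 = CSR file; returns 0 if public keys match
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl req -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
if make_key_and_csr "$demo_dir"; then
    echo "curve:     $(key_curve "$demo_dir/example-ecc.key")"
    echo "signature: $(csr_sig_alg "$demo_dir/example-ecc.csr")"
    if csr_matches_key "$demo_dir/example-ecc.key" "$demo_dir/example-ecc.csr"; then
        echo "CSR public key matches the private key"
    else
        echo "CSR public key does NOT match the private key"
    fi
fi
rm -rf "$demo_dir"
```

The same public-key comparison applies to the certificate returned by the CA by taking its key with `openssl x509 -in <cert> -noout -pubkey` instead of the CSR's.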