How to Enable Elliptic Curve Cryptography (ECC) TLS/SSL

March 28, 2014
I want to use TLS/SSL on my website (VPS is CentOS with a LAMP stack), but I want to use Elliptic Curve Cryptography for the cipher and sha256 (or other SHA-2 algorithm) for the signature hash algorithm. I am currently using RSA with SHA256, but want to change. I know that TLS/SSL includes the cipher/security algorithm (like RSA or ECC) together with a signature hash algorithm (SHA-1, or one of the SHA-2 algorithms), and I know that RSA with SHA-1 is the most common currently. I am using TLS/SSL with RSA and sha256, but it fails when I attempt to apply an ECC TLS. Please help.

I create my ECC private key and CSR with these OpenSSL commands:

    openssl ecparam -genkey -text -name secp521r1 -out example-ecc.key
    openssl req -new -key example-ecc.key -sha256 -out example-ecc.csr

I got the TLS/SSL Certificate back from a CA, and modified the .conf file to change from the RSA cert to the ECC cert, but then Apache won't start.
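
The commands in the question, extended into a check that the key, CSR and certificate carry the same public key and that reports the curve named in the certificate. This is an added example, not part of the original thread; the self-signed certificate stands in for the CA-issued one, and other.key, the CN and the function names are constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original thread. File names, the CN and the
# self-signed stand-in for the CA-issued certificate are constructed.

# Print the SHA-256 of the public key inside a key, CSR or certificate.
pubkey_fp() {  # usage: pubkey_fp key|csr|cert FILE
    local pem
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1          # unreadable or wrong file type
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if key, CSR and certificate all carry the same public key.
files_match() {  # usage: files_match KEY CSR CERT
    local k c x
    k=$(pubkey_fp key "$1") && c=$(pubkey_fp csr "$2") &&
        x=$(pubkey_fp cert "$3") && [ "$k" = "$c" ] && [ "$k" = "$x" ]
}

# Print the named curve recorded in a certificate's public key.
cert_curve() {
    openssl x509 -in "$1" -noout -text | awk '/ASN1 OID:/ {print $3; exit}'
}

# Build constructed sample material in directory $1.
make_samples() {
    # -noout omits the separate EC PARAMETERS block from the key file.
    openssl ecparam -genkey -name secp521r1 -noout -out "$1/example-ecc.key"
    openssl req -new -key "$1/example-ecc.key" -sha256 \
        -subj "/CN=example.test" -out "$1/example-ecc.csr"
    openssl x509 -req -in "$1/example-ecc.csr" -signkey "$1/example-ecc.key" \
        -sha256 -days 1 -out "$1/example-ecc.crt" 2>/dev/null
    openssl ecparam -genkey -name secp521r1 -noout -out "$1/other.key"
}

dir=$(mktemp -d)
make_samples "$dir"
files_match "$dir/example-ecc.key" "$dir/example-ecc.csr" "$dir/example-ecc.crt" \
    && echo "match, curve $(cert_curve "$dir/example-ecc.crt")"
files_match "$dir/other.key" "$dir/example-ecc.csr" "$dir/example-ecc.crt" \
    || echo "other.key does not belong to this certificate"
```
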
1 Answer
Hi Larry,

Could you post the error messages you log when Apache fails to start?