Question

How to Enable Elliptic Curve Cryptography (ECC) TLS/SSL

Posted March 28, 2014

I want to use TLS/SSL on my website (VPS is CentOS with a LAMP stack), but I want to use Elliptic Curve Cryptography for the cipher and sha256 (or other SHA-2 algorithm) for the signature hash algorithm. I am currently using RSA with SHA256, but want to change. I know that TLS/SSL includes the cipher/security algorithm (like RSA or ECC) together with a signature hash algorithm (SHA-1, or one of the SHA-2 algorithms), and I know that RSA with SHA-1 is the most common currently. I am using TLS/SSL with RSA and sha256, but it fails when I attempt to apply an ECC TLS. Please help.

I create my ECC private key and CSR with these OpenSSL commands:

    openssl ecparam -genkey -text -name secp521r1 -out example-ecc.key
    openssl req -new -key example-ecc.key -sha256 -out example-ecc.csr

I got the TLS/SSL Certificate back from a CA, and modified the .conf file to change from the RSA cert to the ECC cert, but then Apache won't start.

1 answer
Hi Larry,

Could you post the error messages you log when Apache fails to start?