Question
How to Enable Elliptic Curve Cryptography (ECC) TLS/SSL
I want to use TLS/SSL on my website (VPS is CentOS with a LAMP stack), but I want to use Elliptic Curve Cryptography for the cipher and sha256 (or other SHA-2 algorithm) for the signature hash algorithm. I am currently using RSA with SHA256, but want to change.
I know that TLS/SSLincludes the cipher/security algorithm (like RSA or ECC) together with a signature hash algorithm (SHA-1, or one of the SHA-2 algorithms), and I know that RSA with SHA-1 is the most common currently.
I am using TLS/SSL with RSA and sha256, but it fails when I attempt to apply an ECC TLS. Please help.
I create my ECC private key and CSR with these OpenSSL commands:
openssl ecparam -genkey -text -name secp521r1 -out example-ecc.key
openssl req -new -key example-ecc.key -sha256 -out example-ecc.csr
I got the TLS/SSL Certificate back from a CA, and modified the .conf file to change from the RSA cert to the ECC cert, but then Apache won't start.
Add a comment
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×