Hello,

Do the NSS APIs allow creating a new Diffie-Hellman SSL server
certificate?  From what I understand, we need to generate DH
parameters and create an X509 certificate with the DH public key (and
params) in the subject public key info.  This certificate is then
signed by a CA using RSA and DSS (hence the DH_RSA_* and DH_DSS_* SSL
cipher suites).

We are not trying to create a certificate for ephemeral Diffie-Hellman
key exchange, where the DH public key and params are signed with an RSA
or DSA certificate, which is in turn signed by a CA.

This should be a relatively simple thing to do, but I can't seem to
find anything online.  It might be that nobody uses DH certificates
these days or that I am looking in the wrong direction.

Regards,
Peter Djalaliev
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
