Gerald Pattillo wrote:
> 
> I am trying to set up a secure connection using royalty-free protocols.
> Since I will own both ends, I can choose the ciphersuite to use, which
> will be DH_DSS_DES_192_CBC3_SHA.  I now have the RSA version
> working, but in order to avoid RSA royalties, I need to know how to
> generate a certificate with DH parameters, signed with DSA.  Can I use
> the openssl tool for this???  Thanks for any help.
> 

You don't need the parameters signed with DSA. You need some DH
parameters, a DSA private key and a DSA certificate.

You can generate DH parameters with openssl gendh, for example:

openssl gendh -out dhparam.pem 1024

There's a technique for generating DSA certificates outlined at the end
of my PKCS#12 FAQ (see homepage), you can ignore the stuff about ca-fix.
This is just one of several different ways to generate DSA CAs and
certificates.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
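
The three items named in the reply above (DH parameters, a DSA private key, a DSA certificate) produced by one script. This is an added example, not part of the original post and not the method from the FAQ it mentions. It uses `openssl dhparam` in place of `gendh`; the function names, output file names other than dhparam.pem, the subject name and the default sizes are assumptions.

```shell
# Added example: file names, subject and default sizes are assumptions.

# Generate DH parameters, a DSA private key and a self-signed DSA certificate.
# usage: make_dh_dsa_material OUTDIR [DH_BITS] [DSA_BITS] [SUBJECT]
make_dh_dsa_material() {
    outdir=$1
    dh_bits=${2:-2048}
    dsa_bits=${3:-2048}
    subject=${4:-/CN=dsa-test.example}   # placeholder subject name

    mkdir -p "$outdir" || return 1

    # 1. DH parameters (dhparam stands in for the gendh command).
    openssl dhparam -out "$outdir/dhparam.pem" "$dh_bits" || return 1

    # 2. DSA domain parameters, then a private key generated from them.
    openssl dsaparam -out "$outdir/dsaparam.pem" "$dsa_bits" || return 1
    ( umask 077
      openssl gendsa -out "$outdir/dsakey.pem" "$outdir/dsaparam.pem" ) || return 1

    # 3. Self-signed certificate over the DSA public key, signed with DSA.
    openssl req -new -x509 -key "$outdir/dsakey.pem" -sha256 -days 365 \
        -subj "$subject" -out "$outdir/dsacert.pem" || return 1

    # 4. Sanity-check the DH parameters before they are deployed.
    openssl dhparam -in "$outdir/dhparam.pem" -check -noout || return 1
}

# Succeeds only if the certificate carries the public half of the key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Print the certificate's signature algorithm line (expected to name DSA).
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text | grep -m1 'Signature Algorithm'
}
```

Call `make_dh_dsa_material ./out` and then `cert_matches_key ./out/dsacert.pem ./out/dsakey.pem` to confirm the certificate and key belong together before loading them into the server.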
