Getting setup with DHE and RSA

[David Murphy]

Hi - We re trying to use the cipher suites :-   SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   and despite much time spent are getting absolutely nowhere trying to figure out how to setup so that that the OpenSSL server_c will accept them during an SSL handshake ....   1. We have been told that we need a DSA (not RSA) certificate when Diffie Hellman. OK - what are the ** specific ** steps (and program arguments) to generate this using OpenSSL? There is something called gendsa.c and dsaparam.c. How do I use these programs (or any others required) to generate a DSA cert?   A specific example would be most helpful please..   I tried using some PEM files that appear to contain DSA certs but OpenSSL always asks for a passphrase. How do I find out what to enter there?   2. We have been told that we also need to generate ephemeral DH parameters. What are the specific steps to generate these using OpenSSL?. There is something called gendh.c - is that what we should use?   A specific example would be most helpful please..     3. How do I install/setup the results of 1 and 2 so that OpenSSL will accept our cipher suites?   A specific example would be most helpful please..     Thanks   David Murphy Boulder, CO, USA