I wrote Tuesday, 18 June, 2013 22:29:
> <snip> if [DH peer] is using the
> other cert fields for anything, or relying on CA issuance of
> the cert as a trust check, then you need the cert.
>
> If you do need to create a cert yourself, <snip>
> Alternatively if the Java example is
> getting the cert from a CA (maybe an internal e.g. company one)
> you may need to do the same by instead creating a CSR and
> submitting that to the CA.
>

Sorry, that was habit. You can't do a (PKCS) CSR for DH, since
you can't sign to prove possession. Thus you may be unable to use
a cert to propagate trust. You can use it to carry related data,
or to apply available tools.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org