Creating a DH Parameter (Key) File and a DSA Certificate and Key
In order to establish an SSL connection with the DH (key exchange)
and DSA (DSS, signing) algorithms, a DH parameter file and DSA certificates
and keys are required in your SSL application. The Certificate Tool (described
in Chapter 3) does not provide this functionality. However, the
OpenSSL command-line utility allows you to create the required files.
The following lines demonstrate how to create the DH- and DSA-related
files.
## Create a DH parameter (key size is 1024 bits)
$ openssl dhparam -outform PEM -out dHParam.pem 1024
## Create a DSA certificate
- Create DSA parameters (key size is 1024 bits)
$ openssl dsaparam -out dsaparam.pem 1024
- Create a DSA CA certificate and private key (using the DSA parameters in dsaparam.pem)
$ openssl req -x509 -newkey dsa:dsaparam.pem -keyout dsa_ca.key -out dsa_ca.crt -config SSL$CONF
- Create a DSA certificate signing request (dsa_cert.csr) and private key (dsa_cert.key)
$ openssl req -out dsa_cert.csr -keyout dsa_cert.key -newkey dsa:dsaparam.pem -config SSL$CONF
- Sign the certificate signing request with the DSA CA certificate and create a new certificate
$ openssl ca -in dsa_cert.csr -out dsa_cert.crt -config SSL$CA_CONF
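
To confirm that the DH parameter file came out at the size requested, the following added example (not part of the original documentation) parses a PEM DH PARAMETERS block, which is a DER SEQUENCE holding the prime and the generator as INTEGERs, and reports the prime's bit length. The function names and the embedded sample are constructed for illustration; pass the contents of dHParam.pem to audit() to check a real file.

```python
import base64
import re

# Constructed sample, not real output: DER 30 06 02 01 17 02 01 05 (p=23, g=5).
SAMPLE_PEM = """-----BEGIN DH PARAMETERS-----
MAYCARcCAQU=
-----END DH PARAMETERS-----
"""

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def parse_dh_params(pem_text):
    """Return (p, g) from a PEM 'DH PARAMETERS' block (SEQUENCE of INTEGERs)."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    ints, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        ints.append(int.from_bytes(val, "big"))  # p and g are positive
    if len(ints) < 2:
        raise ValueError("need prime and generator")
    return ints[0], ints[1]

def audit(pem_text, expected_bits=1024):
    """Compare the prime's bit length with the size requested on the command line."""
    p, g = parse_dh_params(pem_text)
    return {"bits": p.bit_length(), "generator": g,
            "size_ok": p.bit_length() == expected_bits}

if __name__ == "__main__":
    print(audit(SAMPLE_PEM))  # the 5-bit constructed sample fails the size check
```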