I need to introduce Signed Http Exchange for my website. As part of the Signed HTTP Exchanges technology specifications, the TLS certificate used to sign the exchange requires an Elliptic Curve Cryptology (ECC) keypair.
To order a TLS certificate with the CanSignHttpExchanges extension, I must submit an ECC certificate signing request (CSR) with the order.In DigiCert documentation they mentioned for these two only :
Apache: Create ECC CSR and Install ECC SSL Certificate Microsoft Servers: Microsoft Servers: Create ECC CSR and Install ECC SSL Certificate
I want to submit ECC certificate signing request (CSR) with order a TLS certificate with the CanSignHttpExchanges extension for nginx server. I didn't find anything related to nginx in DigiCert's documentation. Can anyone help me on this?
CodePudding user response:
SSL certificates are not related to the web server you are using. The contents are exactly the same. Some web servers require a different file format, but an SSL certificate can be converted from one format to another easily.
Use OpenSSL to generate a CSR. Neither Apache nor Nginx is required for that step.
Example commands. Modify to meet DigiCert's subject name requirements for your company.
openssl ecparam -genkey -name prime256v1 -out private.key
openssl req -new -key mySxg.key -nodes -out ExampleCompany.csr -subj "/O=ExampleCompany/C=US/CN=example.com"
The CSR file is: ExampleCompany.csr.