Hello, all: I was trying to package some DH pub key in X509 certificate with openssl *req* and *x509*. But as far as I can find in the usage information of *req*, there's only RSA key and DSA key supported. I've tried to read the source code of *req.c* and found there's a hidden <-newkey dh:> option which seems meeting my need but not completely written. Can anyone provide some information on issuing an X509 certificate which contains DH parameters? Or should I expect the completion of the <-newkey dh:> option in *req.c* in the next version of openssl? Am I right in using the steps as follow : 1. gendh -out dhparam.pem -2 -rand .. 512 2. req -config test.cnf -new -newkey dh:dhparam.pem -out Areq.pem -keyout Akey.pem I tried to find an answer in the archives (including ssl-users, openssl-users, openssl-dev), but couldn't. (maybe I wasn't searching with the good keywords). Thanks in advance David [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
