2013/5/1 Rajeswari K <raji.kotamr...@gmail.com>

> Hello openssl-users,
>
> We have two different keypairs such as signature keypair and encryption
> keypair on our device. Hence, two different certificates (signature and
> encryption) were issued by CA server.
>
> Query :
> To perform openssl handshake, which key do we need to read?
>
> Is it Encryption private key and corresponding encryption key's
> certificate or Signature private key and corresponding signature key's
> certificate?
>
> Have performed test to read encryption key and corresponding certificate.
> - Handshake succeeded.
>
> Have performed test to read signature key and corresponding certificate. -
> Handshake succeeded.
>

How did you verify it?


>
> Now, need to take a decision which key takes more precedence. Based on
> this need to change the design.
>
> Please provide your valuable inputs.
>
> Thanks & Regards,
> Rajeswari.
>


If the server accepts them both it probably means you can use either.  It's
up to the organisation to define the key/certificate role.  Possibly
helpful to identify the role could be the following command:

openssl x509 -noout -purpose -in <certificate>

Hope this helps,
Kris
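
An added example, not part of the original thread: it builds two throwaway self-signed certificates whose keyUsage mirrors a signature/encryption split and reads the `-purpose` output for each. The helper names `make_cert` and `purpose_of`, the CNs and the file names are all constructed for illustration.

```shell
#!/bin/sh
# Added example: compare `openssl x509 -purpose` for a signature-only and an
# encryption-only certificate. Every name and file here is constructed.

WORK=$(mktemp -d)

# make_cert NAME KEYUSAGE -> writes $WORK/NAME.key and $WORK/NAME.crt
make_cert() {
    cat > "$WORK/$1.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
CN = constructed-$1-cert
[ext]
keyUsage = critical, $2
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
        -config "$WORK/$1.cnf" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# purpose_of NAME "PURPOSE LABEL" -> prints the result of the non-CA check
# (the "<label> CA : ..." lines are deliberately not matched)
purpose_of() {
    openssl x509 -noout -purpose -in "$WORK/$1.crt" |
        sed -n "s|^$2 : ||p"
}

make_cert sig digitalSignature
make_cert enc keyEncipherment

for c in sig enc; do
    echo "== $c =="
    for p in "SSL server" "SSL client" "S/MIME signing" "S/MIME encryption"; do
        printf '%-18s %s\n' "$p" "$(purpose_of "$c" "$p")"
    done
done
```

Both constructed certificates report `SSL server : Yes`, because that check only needs one of digitalSignature, keyEncipherment or keyAgreement in keyUsage. The S/MIME signing and encryption lines are where the two certificates differ.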
