Using certificates with RSA and ECDSA keys at the same time

Would you like to make quick and modern EC key encryption available to your customers, but are still worried about compatibility with older browsers? You don't have to anymore. You can set up two certificates side by side on the web server and RSA will serve as a fallback. In this tutorial, you will learn how to use two certificates with both RSA and EC keys together on one domain.

Web servers have been able to do this for a long time; so if you're hesitating whether it's the right time to switch to an ECC certificate due to visitor compatibility, you can set up both. Modern browsers support the use of EC keys and they will communicate with the server faster. Browsers that cannot use elliptic curve cryptography (ECC) will have a classic RSA certificate available as a so-called fallback.

Operating two certificates on the web server

Operating two certificates with different algorithms side by side is simple. You simply add a second certificate to the web server’s configuration and the server will decide, which it will use.

There will be two certificates, each with a different key algorithm, and their use will be determined by a list of ciphers ordered by preference (and of course the preference of the connecting browser). An ECC certificate that contains a shorter key and whose cryptography is stronger than RSA will be preferred.

The certificate order is determined by the encryption algorithm’s preference that you set for the given domain on the web server. The ciphers are sorted by priority in the list of preferred (and forbidden) ciphers, so that the server tries the earlier ones before the later ones.

Fallback from ECC to RSA

If the server and client do not agree on ciphers with an EC key, it switches to the following ciphers using RSA, which the browser definitely supports. This ensures a so-called fallback to the classic RSA certificate. Thanks to this, the use of dual configuration is safe and you don't have to worry that a customer with an old browser won't get to your website.

Setting the cipher preference

Preferred ciphers need to be defined for each web server; for this, we recommend using the service moz://a SSL Configuration Generator or Cipherli.st. This will give you a list of suitable ciphers recommended by security experts, and you won't have to create it yourself.

How to get a duplicate certificate

In SSLmarket, you get one certificate with the algorithm used in CSR by default. If you want to get a duplicate of your existing certificate for free (with a different algorithm), don't hesitate to contact our customer support. For the dual use of RSA and ECC, you don’t need to buy the same certificate twice.

Apache

Add the second pair of certificates and private key’s location to a specific website’s vhost configuration. This second certificate will have a different key algorithm than the first; we assume that you are adding an ECC certificate to an existing RSA certificate.

You just add the second pair of keys to the configuration. Their use then depends on the preference of the algorithms in the ciphersuites.

SSLCertificateFile /etc/ssl/certs/ssl-rsa.crt
SSLCertificateKeyFile /etc/ssl/private/pkey-rsa.pem

SSLCertificateFile /etc/ssl/certs/ssl-ecc.pem
SSLCertificateKeyFile /etc/ssl/private/pkey-ecc.pem

If you have the SSLCACertificateFile directive enabled in the configuration, feel free to delete it or comment it. The Intermediate CA certificate does not need to be listed separately, as you already have it in the file with the domain certificate itself.

Encryption algorithms using ECC should logically be at the front of the list with higher priority. You set the protocols and list of ciphers in the ssl.conf file (by default in the /mods-enabled folder). Example taken from ssl-config.mozilla.org:

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off

Nginx

Nginx can simultaneously use RSA and ECC certificates younger than version 1.11.0, released in 2016. The configuration settings for nginx have the same logic as for Apache. You just add the second certificate to the configuration and let the server decide.

server {
listen 443 ssl default_server;
server_name domain.com www.domain.com;
# RSA certificate
ssl_certificate /var/ssl/domain.com/certs/fullchain.rsa.pem;
ssl_certificate_key /var/ssl/domain.com/private/privkey.rsa.pem;
# ECDSA certificate
ssl_certificate /var/ssl/domain.com/certs/fullchain.ecc.pem;
ssl_certificate_key /var/ssl/domain.com/private/privkey.ecc.pem;

# Other directives
}

Setting protocols and cipher list (taken from ssl-config.mozilla.org):

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

Verifying the installation is correct

You can verify the SSL certificate has been installed correctly using our checker. For more information, see the article Checking the correct installation.

Resources and more information


Pomoc s SSL certifikáty

Is it too much for you?

Write us
info@sslmarket.co.uk
Contact form
Has this article been useful?