Open rathorearvind19 opened 1 year ago
No, you cannot do that. As per specifications, terminal certificates (and also DV) must use the same key params as CVCA. If CVCA uses RSA, all the trust chain must use RSA. This also applies for ECC: if CVCA uses specific elliptic curve, subsequent DV and terminal certificates must use the same curve. You cannot mix them.
Makes sense. Thanks. I was trying to use ECC key pair for ECDH for terminal but all the certificates in the trust chain (CVCA, DV, terminal) are signed with RSA keys. I think that works and was able to generate certificates.
Hello Here a sample script for renew a cert with the same Key
cvc-create --role=cvca --type=at --sign-as=ZZATCVCA00001.cvcert --chr=ZZATCVCA00002 --days=365 --sign-key=ZZATCVCA00001.pkcs8 --scheme=ECDSA_SHA_256
Can I generate RSA certificate for ECC public key? I want the terminal to have ECC private/public key pair but DV and CVCA to have RSA key pairs. In that case, can I generate RSA certificate for IS's ECC key pair? It doesn't seem it is supported but ideally should be possible.
Here is the batch script I am running:
and the error I am getting: