Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
picture of tbs certificates
picture of tbs certificates
Our products range

Install certificates in RSA/ECC Dual mode on Apache

You want to install an ECC certificate on your server but you also want to keep being compatible with platforms that only support RSA? Then you can install 2 certificates, one in ECC format, the other in RSA format.


Make sure your have a SSLCipherSuite list that gives priority to ECC and a SSLHonorCipherOrder on parameter in your configuration.

You use a version of openssl inferior to 1.0.2

You will have to concatenate your 2 certifications chains with the help of a text editor or directly on your your server via the cat command:

cat chain-ecc.txt chain-rsa.txt > chain-ecc-rsa.txt

Make sure the concatenation succeeded and then edit your configuration file in order to take into account all the certificates forming your certification chain. Be cautious not to include a certification chain in one of your certificates files.

SSLCertificateFile /etc/apache2/SSL2015/ecdsa.cert.crt
SSLCertificateKeyFile /etc/SSL2015/certs/ecdsa.key

SSLCertificateFile /etc/apache2/SSL2015/rsa.cert.crt
SSLCertificateKeyFile /etc/apache2/SSL2015/rsa.cert.key

#Double certification chain
SSLcertificateChainFile /etc/apache2/SSL2015/chain-ecc-rsa.txt

You use openssl 1.0.2 or higher

Just download your certificates and their certification chain in pem format from your certificate status page and install them as follows:

SSLCertificateFile /etc/apache2/SSL2015/ecdsa.cert.pem
SSLCertificateKeyFile /etc/SSL2015/certs/ecdsa.key

SSLCertificateFile /etc/apache2/SSL2015/rsa.cert.pem
SSLCertificateKeyFile /etc/apache2/SSL2015/rsa.cert.key