Install certificates in RSA/ECC Dual mode on Apache
You want to install an ECC certificate on your server but you also want to keep being compatible with platforms that only support RSA? Then you can install 2 certificates, one in ECC format, the other in RSA format.
Preparation
Make sure your have a SSLCipherSuite list that gives priority to ECC and a SSLHonorCipherOrder on parameter in your configuration.
You use a version of openssl inferior to 1.0.2
You will have to concatenate your 2 certifications chains with the help of a text editor or directly on your your server via the cat command:
cat chain-ecc.txt chain-rsa.txt > chain-ecc-rsa.txt
Make sure the concatenation succeeded and then edit your configuration file in order to take into account all the certificates forming your certification chain. Be cautious not to include a certification chain in one of your certificates files.
#ECC SSLCertificateFile /etc/apache2/SSL2015/ecdsa.cert.crt SSLCertificateKeyFile /etc/SSL2015/certs/ecdsa.key #RSA SSLCertificateFile /etc/apache2/SSL2015/rsa.cert.crt SSLCertificateKeyFile /etc/apache2/SSL2015/rsa.cert.key #Double certification chain SSLcertificateChainFile /etc/apache2/SSL2015/chain-ecc-rsa.txt
You use openssl 1.0.2 or higher
Just download your certificates and their certification chain in pem format from your certificate status page and install them as follows:
#ECC SSLCertificateFile /etc/apache2/SSL2015/ecdsa.cert.pem SSLCertificateKeyFile /etc/SSL2015/certs/ecdsa.key #RSA SSLCertificateFile /etc/apache2/SSL2015/rsa.cert.pem SSLCertificateKeyFile /etc/apache2/SSL2015/rsa.cert.key