Join Log in
Score:0
MD. Zeaul Hoque Shuvo avatar Server

Which key is used for signed exchange certificate?

gh flag
MD. Zeaul Hoque Shuvo

I was trying to generate a Signed Exchange Certificate from Google CA followed by this documentation https://cloud.google.com/certificate-manager/docs/public-ca-tutorial

But now facing this error :

"An unexpected error occurred: Public key does not follow policy: Signed HTTP Exchange certificates can not be issued for RSA keys."

Which type of Key is used for SXG certificate?

36
1 + 0
rsa
Score:0
John Hanley avatar Server
cn flag
John Hanley

The type is ECC (Elliptic Curve Cryptography).

This openssl command generates an ECC private key:

openssl ecparam -out server.key -name prime256v1 -genkey

Google has not released public documentation on generating ECC certificates and keys. Those features are in private preview.

AFAIK only Digicert sells (provides) certificates with CanSignHttpExchanges.

+ 2
MD. Zeaul Hoque Shuvo avatar
gh flag
MD. Zeaul Hoque Shuvo
I have generated this command to generate ECC private key and then CSR file using openssl. Then pass that CSR file to certbot cli to generate SXG certificate from Google CA. Ive used their ACME directory for SXG. Now after implementing the certificate, the website isn't working. The ssl handshake isn't happening.
0
Reply
John Hanley avatar
cn flag
John Hanley
@MD.ZeaulHoqueShuvo - **is not working** is not a useful problem description. What is not working - meaning what is logged on the server side?
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.