Score:0

Which key is used for signed exchange certificate?

gh flag

I was trying to generate a Signed Exchange Certificate from Google CA followed by this documentation https://cloud.google.com/certificate-manager/docs/public-ca-tutorial

But now facing this error :

"An unexpected error occurred: Public key does not follow policy: Signed HTTP Exchange certificates can not be issued for RSA keys."

Which type of Key is used for SXG certificate?

Score:0
cn flag

The type is ECC (Elliptic Curve Cryptography).

This openssl command generates an ECC private key:

openssl ecparam -out server.key -name prime256v1 -genkey

Google has not released public documentation on generating ECC certificates and keys. Those features are in private preview.

AFAIK only Digicert sells (provides) certificates with CanSignHttpExchanges.

MD. Zeaul Hoque Shuvo avatar
gh flag
I have generated this command to generate ECC private key and then CSR file using openssl. Then pass that CSR file to certbot cli to generate SXG certificate from Google CA. Ive used their ACME directory for SXG. Now after implementing the certificate, the website isn't working. The ssl handshake isn't happening.
John Hanley avatar
cn flag
@MD.ZeaulHoqueShuvo - **is not working** is not a useful problem description. What is not working - meaning what is logged on the server side?
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.