Hello,

This should be a simple issue, but I can't find any answer online, so
I must be doing something wrong.

We want a way to configure a SSL server, say Apache with mod_ssl, to
use the regular Diffie-Hellman SSL ciphers - the ones with DH_DSS or
DH_RSA as key exchange algorithm. So, from what I understand we need
to produce a SSL server certificate which contains a DH public key and
DH parameters. The server certificate needs to be signed using RSA or
DSS.

How can we produce such a certificate using OpenSSL? Is there any
other way to do it?

I can see how to generate DH parameters and keys using OpenSSL, but I
can't find out how to put those params in the subject public key info
of an SSL certificate.

Thank you in advance.

Regards,
Peter Djalaliev