Hello,

I am trying to create a Diffie-Hellman server SSL certificate to use
with one of the regular DH cipher suites (the TLS_DH_* ciphers). From
what I understand, I need to generate DH parameters and key pair and
embed the public key into a X509 certificate signed by a CA using RSA
or DSS.

Is there a way to do this using the OpenSSL API? Just to make it
clear, I am not trying to use ephemeral Diffie-Hellman, where the DH
params are signed by a DSS or RSA server certificate, which is in turn
signed by the CA.

This should be a simple issues, but I can't find online any way to
generate such certificate. I don't know if nobody uses regular DH
cipher suites or I am completely in the wrong direction.

Thanks in advance.

Regards,
Peter Djalaliev