Elliptic curve cryptography is the new black in the TLS world. It’s an alternative to the rather old RSA cryptosystem that is common on the web today. In this test, we are adding a new certificate authority that is based on EC keys. There are many different curves offered, so the client and server both need to understand the curve being used in order to interoperate.

Smaller keys in EC, strangely enough for a non-mathematical genius, give more security and are thus easier to handle for small systems. In order to succeed in this test, which you should, you need to install a new CA certificate, the TLS-O-MATIC EC CA.

Hybrid certificate – EC CA and RSA server

During migration there will be hybrid solutions, which is perfectly fine. The CA may use one technology and the server may use another. These are called hybrid certificates.

The CA certificate in this test uses Elliptic Curve keys instead of RSA, the classical key pair technology used for certificates. The server that the certificate verifies uses an RSA key pair, so this is a hybrid certificate – a CA with Elliptic Curve keys and a server with RSA keys. Your client should accept this.
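
To reproduce such a hybrid chain locally, the following added example (not part of the original page or of the TLS-O-MATIC test itself) uses the OpenSSL command line to create an EC CA, sign an RSA server certificate with it, and check that the chain validates. The curve prime256v1, the subject names, the file names and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: throwaway hybrid chain, EC (P-256) CA signing an RSA server cert.
# All names (CNs, file names, function names) are constructed for illustration.
make_hybrid_chain() {
    dir=$1
    # CA: elliptic-curve key pair on the named curve prime256v1 (P-256)
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ca.key" 2>/dev/null
    openssl req -x509 -new -key "$dir/ca.key" -sha256 -days 1 \
        -subj "/CN=Example EC CA" -out "$dir/ca.pem"
    # Server: classical RSA key pair plus a certificate signing request
    openssl genrsa -out "$dir/srv.key" 2048 2>/dev/null
    openssl req -new -key "$dir/srv.key" -subj "/CN=server.example" -out "$dir/srv.csr"
    # The EC CA signs the RSA public key: the result is the hybrid certificate
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -sha256 -out "$dir/srv.pem" 2>/dev/null
}

# Print the algorithm of the certificate's own key (Public Key Algorithm field)
key_alg() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *Public Key Algorithm: *//p'
}

# Print the algorithm the issuer used to sign (first Signature Algorithm field)
sig_alg() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeeds only if the validator accepts the RSA leaf under the EC trust anchor
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
make_hybrid_chain "$work"
echo "CA key:      $(key_alg "$work/ca.pem")"
echo "server key:  $(key_alg "$work/srv.pem")"
echo "server sig:  $(sig_alg "$work/srv.pem")"
chain_ok "$work/ca.pem" "$work/srv.pem" && echo "chain verifies"
rm -rf "$work"
```

The server certificate carries an RSA public key but an ECDSA signature, so a client that cannot verify ECDSA on this curve will reject the chain even though it handles the server's RSA key.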


