Install certificates in RSA/ECC Dual mode on Apache

You want to install an ECC certificate on your server but you also want to keep being compatible with platforms that only support RSA? Then you can install 2 certificates, one in ECC format, the other in RSA format.

Preparation

Make sure your have a SSLCipherSuite list that gives priority to ECC and a SSLHonorCipherOrder on parameter in your configuration.

You use a version of openssl inferior to 1.0.2

You will have to concatenate your 2 certifications chains with the help of a text editor or directly on your your server via the cat command:

cat chain-ecc.txt chain-rsa.txt > chain-ecc-rsa.txt

Make sure the concatenation succeeded and then edit your configuration file in order to take into account all the certificates forming your certification chain. Be cautious not to include a certification chain in one of your certificates files.

#ECC
SSLCertificateFile /etc/apache2/SSL2015/ecdsa.cert.crt
SSLCertificateKeyFile /etc/SSL2015/certs/ecdsa.key

#RSA
SSLCertificateFile /etc/apache2/SSL2015/rsa.cert.crt
SSLCertificateKeyFile /etc/apache2/SSL2015/rsa.cert.key

#Double certification chain
SSLcertificateChainFile /etc/apache2/SSL2015/chain-ecc-rsa.txt

You use openssl 1.0.2 or higher

Just download your certificates and their certification chain in pem format from your certificate status page and install them as follows:

#ECC
SSLCertificateFile /etc/apache2/SSL2015/ecdsa.cert.pem
SSLCertificateKeyFile /etc/SSL2015/certs/ecdsa.key

#RSA
SSLCertificateFile /etc/apache2/SSL2015/rsa.cert.pem
SSLCertificateKeyFile /etc/apache2/SSL2015/rsa.cert.key