I’m trying to generate a X509 certificate with an EC public key but an RSA signature. I’m using OpenSSL like this:
openssl genpkey -algorithm EC -out ec256key.pem -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve openssl req -new -key ec256key.pem -out ec256request.csr -subj "/C=AB/ST=CD/L=Test/O=someOrganization/CN=domain.com" openssl x509 -req -in ec256request.csr -signkey rsaKey.key -days 365 -out ec_rsa_256cert.pem
However, the resulting certificate contains the RSA public key instead of the elliptic curve public key. I also tried to set
-force_pubkey ec256key.pem, which doesn’t work (unable to load Forced key). This error does not occur if I export the public key first using
openssl pkey -in ec256key.pem -pubout -out ec256pk.pem but the resulting certificate again only holds the RSA public key with RSA signature.
Am I misunderstanding how