Generate self-signed certificate with specific cipher suites using OpenSSL?

Question

I am trying to generate a self-signed server certificate with specific cipher suites supported:

• TLS_RSA_WITH_RC4_128_SHA
• TLS_RSA_WITH_AES_256_CBC_SHA

How should I proceed to generate the specific cert? I saw that most guides follow this command:

openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out MyCertificate.crt -keyout MyKey.key

Should I be changing the -sha256 parameter?

Answer 1

Assuming you are talking about server certificates then in order to support those two ciphersuites your server will need an RSA certificate. The command that you listed will do that and will give you what you need.

Should I be changing the -sha256 parameter?

No, there is no need to do that. That specifies the digest to be used when signing the certificate. This is not related to the digest specified in the ciphersuite (SHA1).