Dual Cryptographic Identities on a Single Network Endpoint

Visual COBOL supports the concurrent use of Elliptic Curve Cryptography (ECC) and RSA public key cryptography on a single listener endpoint.

This is achieved by specifying two identity certificates, two private key files, and two corresponding passwords for those key files in a single network endpoint definition. Certificate file passwords are also supported, as is supplying one or both sets of intermediate Certificate Authority (CA) certificate chains.
Note: Only one password per certificate file is permitted. Passwords are rarely used for certificate files.

When specifying dual cryptographic support, the order of the certificate, key, and password files is important. You must maintain the order of the configuration elements as follows:

Configuration Element    Syntax
Certificate File         [certfile1];[certfile2]
Certificate Password     [certfilepassword1];;;;;[certfilepassword2]
Key File                 [keyfile1];[keyfile2]
Key Password             [keypassword1];;;;[keypassword2]

Where files and paths are listed, a single semicolon ";" is used as the delimiter.

When required, different key file passwords must be supplied in the same order as the files that they are used to unlock:

[Password 1][delimiter character sequence][Password 2]

When listing multiple key file passwords, the delimiter used must be four consecutive semicolons ";;;;".

The only exception is when the same password is used for both files. In this case, the password can be configured once but is used for both files.

If only one of the two key files has a password, only the single password should be configured. It will be used for the appropriate file.
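
A pre-deployment check of the key file and key password rules above, as an added example that is not part of the product or its documentation. It assumes PEM-encoded key files; the function names and the file names ecc.key and rsa.key are hypothetical.

```python
import re

FILE_DELIM = ";"        # file/path delimiter stated on this page
KEY_PW_DELIM = ";;;;"   # key password delimiter stated on this page

def split_files(value):
    """Split a Certificate File or Key File value into its ordered entries."""
    return [p.strip() for p in value.split(FILE_DELIM) if p.strip()]

def split_key_passwords(value):
    """Return the configured key passwords in order (0, 1 or 2 entries)."""
    if not value:
        return []
    return value.split(KEY_PW_DELIM, 1) if KEY_PW_DELIM in value else [value]

def pem_key_is_encrypted(pem_text):
    """True for PKCS#8 'ENCRYPTED PRIVATE KEY' or legacy 'Proc-Type: 4,ENCRYPTED' PEM."""
    return bool(re.search(r"BEGIN ENCRYPTED PRIVATE KEY|Proc-Type:\s*4,ENCRYPTED", pem_text))

def lint_endpoint(cert_files, key_files, key_password, key_pems):
    """key_pems maps each key file name to its PEM text. Returns a list of findings."""
    certs, keys = split_files(cert_files), split_files(key_files)
    if len(certs) != 2 or len(keys) != 2:
        return [f"expected 2 certificates and 2 keys, got {len(certs)} and {len(keys)}"]
    findings = []
    passwords = split_key_passwords(key_password)
    encrypted = [k for k in keys if pem_key_is_encrypted(key_pems[k])]
    if encrypted and not passwords:
        findings.append(f"no key password configured but encrypted: {', '.join(encrypted)}")
    if len(passwords) == 2 and len(encrypted) < 2:
        findings.append("two key passwords configured but fewer than two key files are encrypted")
    if len(passwords) == 2 and "" in passwords:
        findings.append("empty password beside ';;;;': configure the single password on its own")
    if len(passwords) == 1 and ";" in passwords[0] and len(encrypted) == 2:
        # Heuristic: a password may legitimately contain ';', so this is a warning to review.
        findings.append("single password contains ';': two passwords need exactly ';;;;' between them")
    return findings

if __name__ == "__main__":
    # Constructed sample PEM headers; the key bodies are omitted.
    enc = "-----BEGIN ENCRYPTED PRIVATE KEY-----\n(constructed)\n"
    pems = {"ecc.key": enc, "rsa.key": enc}
    for pw in ("pw1;;;;pw2", "pw1;pw2"):
        print(repr(pw), lint_endpoint("ecc.pem;rsa.pem", "ecc.key;rsa.key", pw, pems))
```

The check only confirms that the number and separation of passwords match the number of encrypted key files; it does not attempt to decrypt the keys.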