I need an SSL certificate for a web server. I can generate a self-signed SSL certificate with the following OpenSSL commands:
openssl req -newkey rsa:512 -x509 -days 365 -nodes -out cert.pem -keyout cert.pem
openssl dhparam -inform pem -in cert.pem -outform pem -out dhparam.pem 512
cat dhparam.pem >> cert.pem
If I want to have a CA-signed certificate, I can generate a CSR (Certificate Signing Request) :
openssl req -newkey rsa:512 -nodes -out cert.csr -keyout cert.key
And send it to one CA. And then ? I'm wondering what the CA is sending back : only the certificate, or the certificate and the DH parameters since they are used in the negotiation between the browser and the server ?