Generating a Diffie-Hellman (DH) Key

Dec 21, 2015

The Diffie-Hellman (DH) key exchange lets two parties in an SSL transaction that have no prior knowledge of each other agree on a shared secret over an insecure channel. This secret can then be converted into cryptographic keying material, mainly for symmetric key cipher algorithms that require such a key exchange.

This feature is disabled by default and should be specifically configured to support ciphers that use DH as the key exchange algorithm.


Generating a 2048-bit DH key may take a long time (up to 30 minutes).

To generate a DH key by using the command line interface

At the command prompt, type the following command:

create ssl dhparam <dhFile> [<bits>] [-gen (2 | 5)]

Example

create ssl dhparam Key-DH-1 512 -gen 2

To generate a DH key by using the configuration utility

Navigate to Traffic Management > SSL and, in the Tools group, select Create Diffie-Hellman (DH) key, and generate a DH key.
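
The following is an added example, not part of the product documentation or the product's own code: a Python check that reads a generated DH parameter file and reports the prime size and generator, so that a file such as the 512-bit one in the example command is reported before it is bound to a virtual server. It assumes the file is a PEM-encoded PKCS#3 "DH PARAMETERS" block; the 2048-bit threshold and all function names are choices made for this example, and the sample files are constructed in code with a placeholder modulus rather than a real prime.

```python
import base64

MIN_BITS = 2048  # assumed policy threshold for this example, not a product default

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_dhparam_pem(pem):
    """Return (prime_bits, generator) from a PKCS#3 'DH PARAMETERS' PEM block."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if lines[0] != "-----BEGIN DH PARAMETERS-----" or lines[-1] != "-----END DH PARAMETERS-----":
        raise ValueError("not a DH PARAMETERS PEM block")
    tag, seq, _ = read_tlv(base64.b64decode("".join(lines[1:-1])), 0)
    tag_p, p, pos = read_tlv(seq, 0)
    tag_g, g, _ = read_tlv(seq, pos)
    if (tag, tag_p, tag_g) != (0x30, 0x02, 0x02):
        raise ValueError("expected SEQUENCE { INTEGER prime, INTEGER generator }")
    return int.from_bytes(p, "big").bit_length(), int.from_bytes(g, "big")

def audit(pem):
    """List policy findings for one DH parameter file (empty list = acceptable)."""
    bits, gen = parse_dhparam_pem(pem)
    findings = [f"prime is {bits} bits, below {MIN_BITS}"] if bits < MIN_BITS else []
    if gen not in (2, 5):  # the only -gen values the command above accepts
        findings.append(f"unexpected generator {gen}")
    return findings

def der(tag, body):
    """Encode one DER element; used only to build the constructed sample."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def make_sample_pem(bits, gen):
    """CONSTRUCTED sample: the modulus is a placeholder of the right size, not a real prime."""
    ints = [n.to_bytes(n.bit_length() // 8 + 1, "big") for n in ((1 << (bits - 1)) | 1, gen)]
    body = base64.encodebytes(der(0x30, der(0x02, ints[0]) + der(0x02, ints[1]))).decode()
    return "-----BEGIN DH PARAMETERS-----\n" + body + "-----END DH PARAMETERS-----\n"

if __name__ == "__main__":
    print({bits: audit(make_sample_pem(bits, 2)) or "ok" for bits in (512, 2048)})
```

To check a real file, pass its text contents to `audit()`; the check covers size and generator only and does not test the modulus for primality.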