Creating Elliptic Curve (ECC) Certificates for TLS

Create the parameter file; this holds all the details about the curve you are using.

$ openssl ecparam -name secp256k1 -out secp256k1.pem

Create the secret key from the parameter file.

$ openssl ecparam -in secp256k1.pem -genkey -noout -out secp256k1-key.pem

Generate a top level self-signed key using the ECC cert.

$ openssl req -key domain.key -new -x509 -days 365 -out domain.crt

• 1. OpenSSL wiki on ECC curve commands
• Digital Ocean on creating self-signed keys

Now sob profusely as you discover how many TLS implementations do not support your ECC certificates.