Skip to main content

PQC toolkit setup guide


This guide is for the PQC toolkit. For instructions on setting up the DigiCert PQC dockerized toolkit, see PQC dockerized toolkit guide.


DigiCert's post-quantum cryptographic (PQC) toolkit contains everything needed to create a hybrid TLS certificate. This hybrid certificate uses a post-quantum cryptographic algorithm paired with a classical cryptographic algorithm. This pairing allows you to test the viability of deploying post-quantum hybrid TLS certificates while also maintaining backwards compatibility.


For this first iteration, the post-quantum cryptographic algorithm is paired with an elliptical curve cryptographic algorithm.

This setup guide walks you through using the DigiCert PQC toolkit to:

  • Apply the ISARA PQC Patch to OpenSSL source files.

  • Compile your modified OpenSSL program.

  • Generate post-quantum cryptographic keys.

  • Create a complete hybrid certificate chain, including root, intermediate, and server certificates.

  • Test the certificates using OpenSSL's s_server and s_client utilities.


DigiCert PQC toolkit is available to download for all Secure Site Pro customers.

Learn more about what's included with each Secure Site Pro certificate.

PQC toolkit contents

DigiCert PQC toolkit contains these files:

  • ISARA Catalyst OpenSSL Connector

  • Modified openssl.cnf

  • Certificate configuration files

  • Example hybrid certificate chain


Before using this guide, make sure these prerequisites are met:

  • You have access to the DigiCert PQC toolkit resource files.

  • You have 64-bit Ubuntu 16.04 or later (this guide was written using Ubuntu 18.04 LTS).

  • You are a non-root user with sudo access.


To protect your system or production environment from issues, we recommend you follow these steps using a sandbox or virtual environment.