diff --git a/samples/multicert/client-ecdsa.lua b/samples/multicert/client-ecdsa.lua
new file mode 100644
index 0000000..79b53de
--- /dev/null
+++ b/samples/multicert/client-ecdsa.lua
@@ -0,0 +1,29 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode        = "client",
+   protocol    = "tlsv1_2",
+   key         = "certs/clientECDSAkey.pem",
+   certificate = "certs/clientECDSA.pem",
+   verify      = "none",
+   options     = "all",
+   ciphers     = "ALL:!aRSA"
+}
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+--]]
+
+local i = peer:info()
+for k, v in pairs(i) do print(k, v) end
+
+print(peer:receive("*l"))
+peer:close()
diff --git a/samples/multicert/client-rsa.lua b/samples/multicert/client-rsa.lua
new file mode 100644
index 0000000..462d7a2
--- /dev/null
+++ b/samples/multicert/client-rsa.lua
@@ -0,0 +1,29 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode        = "client",
+   protocol    = "tlsv1_2",
+   key         = "certs/clientRSAkey.pem",
+   certificate = "certs/clientRSA.pem",
+   verify      = "none",
+   options     = "all",
+   ciphers     = "ALL:!ECDSA"
+}
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+--]]
+
+local i = peer:info()
+for k, v in pairs(i) do print(k, v) end
+
+print(peer:receive("*l"))
+peer:close()
diff --git a/samples/multicert/client.lua b/samples/multicert/client.lua
deleted file mode 100644
index 31bba7a..0000000
--- a/samples/multicert/client.lua
+++ /dev/null
@@ -1,33 +0,0 @@
---
--- Public domain
---
-local socket = require("socket")
-local ssl    = require("ssl")
-
-local params = {
-   mode = "client",
-   protocol = "tlsv1_2",
-   key = "../certs/clientAkey.pem",
-   certificate = "../certs/clientA.pem",
-   cafile = "../certs/rootA.pem",
-   verify = {"peer", "fail_if_no_peer_cert"},
-   options = "all",
-   --
-   curve = "secp384r1",
-}
-
---------------------------------------------------------------------------------
-local peer = socket.tcp()
-peer:connect("127.0.0.1", 8888)
-
-peer = assert( ssl.wrap(peer, params) )
-assert(peer:dohandshake())
-
-print("--- INFO  ---")
-local info = peer:info()
-for k, v in pairs(info) do
-  print(k, v)
-end
-print("---")
-
-peer:close()
diff --git a/samples/multicert/gencerts.sh b/samples/multicert/gencerts.sh
new file mode 100755
index 0000000..7fc851d
--- /dev/null
+++ b/samples/multicert/gencerts.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+mkdir -p certs
+
+openssl ecparam -name secp256r1 -genkey -out certs/serverECDSAkey.pem
+openssl req -new -config ../certs/serverA.cnf -extensions usr_cert -x509 -key certs/serverECDSAkey.pem -out certs/serverECDSA.pem -days 360 -batch
+
+openssl ecparam -name secp256r1 -genkey -out certs/clientECDSAkey.pem
+openssl req -config ../certs/clientA.cnf -extensions usr_cert -x509 -new -key certs/clientECDSAkey.pem -out certs/clientECDSA.pem -days 360 -batch
+
+openssl req -config ../certs/serverB.cnf -extensions usr_cert -x509 -new -newkey rsa:2048 -keyout certs/serverRSAkey.pem -out certs/serverRSA.pem -nodes -days 365 -batch
+
+openssl req -config ../certs/clientB.cnf -extensions usr_cert -x509 -new -newkey rsa:2048 -keyout certs/clientRSAkey.pem -out certs/clientRSA.pem -nodes -days 365 -batch
diff --git a/samples/multicert/server.lua b/samples/multicert/server.lua
index 34be124..294bf74 100644
--- a/samples/multicert/server.lua
+++ b/samples/multicert/server.lua
@@ -5,27 +5,22 @@ local socket = require("socket")
 local ssl    = require("ssl")
 
 local params = {
-   mode = "server",
-   protocol = "any",
-   certificates = {
-      {
-         key = "../certs/serverAkey.pem",
-         certificate = "../certs/serverA.pem"
-      },
-      {
-         key = "../certs/serverBkey.pem",
-         certificate = "../certs/serverB.pem"
-      }
+   mode         = "server",
+   protocol     = "any",
+   certificates = { 
+      -- Comment line below and 'client-rsa' stop working
+      { certificate = "certs/serverRSA.pem",   key = "certs/serverRSAkey.pem"   },
+      -- Comment line below and 'client-ecdsa' stop working
+      { certificate = "certs/serverECDSA.pem", key = "certs/serverECDSAkey.pem" }
    },
-   cafile = "../certs/rootA.pem",
-   verify = {"peer", "fail_if_no_peer_cert"},
-   options = "all",
-   --
-   curve = "secp384r1",
+   verify  = "none",
+   options = "all"
 }
 
-------------------------------------------------------------------------------
+
+-- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
+--]]
 
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
@@ -34,15 +29,10 @@ server:listen()
 
 local peer = server:accept()
 
+-- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, ctx) )
 assert( peer:dohandshake() )
+--]]
 
-print("--- INFO ---")
-local info = peer:info()
-for k, v in pairs(info) do
-  print(k, v)
-end
-print("---")
-
+peer:send("oneshot test\n")
 peer:close()
-server:close()