Supported cryptographic algorithms
AWS Private CA supports the following cryptographic algorithms for private key generation and certificate signing.
Supported algorithm

| Private key algorithms | Signing algorithms |
|---|---|
| RSA_2048, RSA_4096, EC_prime256v1, EC_secp384r1 | SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA |
This list applies only to certificates issued directly by AWS Private CA through its console, API, or command line. When AWS Certificate Manager issues certificates using a CA from AWS Private CA, it supports some but not all of these algorithms. For more information, see Request a Private Certificate in the AWS Certificate Manager User Guide.
Note
In all cases, the specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's private key.
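The family-matching rule in the note can be checked before a certificate is requested. The following is an added example, not code from AWS: the function names are hypothetical, and `SAMPLE_CA` is a constructed dictionary shaped like a `DescribeCertificateAuthority` response.

```python
# Added example: pre-flight check that a requested signing algorithm is
# supported and belongs to the same family (RSA or ECDSA) as the CA's key.
# Algorithm names come from the table on this page; helper names are hypothetical.

PRIVATE_KEY_ALGORITHMS = {
    "RSA_2048": "RSA",
    "RSA_4096": "RSA",
    "EC_prime256v1": "ECDSA",
    "EC_secp384r1": "ECDSA",
}

SIGNING_ALGORITHMS = {
    "SHA256WITHECDSA": "ECDSA",
    "SHA384WITHECDSA": "ECDSA",
    "SHA512WITHECDSA": "ECDSA",
    "SHA256WITHRSA": "RSA",
    "SHA384WITHRSA": "RSA",
    "SHA512WITHRSA": "RSA",
}


def allowed_signing_algorithms(ca_key_algorithm):
    """Return the signing algorithms usable with a CA key of this type."""
    family = PRIVATE_KEY_ALGORITHMS.get(ca_key_algorithm)
    if family is None:
        raise ValueError(f"unsupported private key algorithm: {ca_key_algorithm}")
    return sorted(name for name, fam in SIGNING_ALGORITHMS.items() if fam == family)


def check_issue_request(describe_response, signing_algorithm):
    """Return a list of problems; an empty list means the request is consistent."""
    config = describe_response["CertificateAuthority"]["CertificateAuthorityConfiguration"]
    key_algorithm = config["KeyAlgorithm"]
    key_family = PRIVATE_KEY_ALGORITHMS.get(key_algorithm)
    sig_family = SIGNING_ALGORITHMS.get(signing_algorithm)
    problems = []
    if key_family is None:
        problems.append(f"unsupported private key algorithm: {key_algorithm}")
    if sig_family is None:
        problems.append(f"unsupported signing algorithm: {signing_algorithm}")
    if key_family and sig_family and key_family != sig_family:
        problems.append(
            f"{signing_algorithm} ({sig_family}) does not match CA key "
            f"{key_algorithm} ({key_family}); use one of "
            f"{allowed_signing_algorithms(key_algorithm)}"
        )
    return problems


# Constructed sample, shaped like a DescribeCertificateAuthority response.
SAMPLE_CA = {"CertificateAuthority": {"CertificateAuthorityConfiguration": {
    "KeyAlgorithm": "EC_secp384r1", "SigningAlgorithm": "SHA384WITHECDSA"}}}
```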