Supported cryptographic algorithms - AWS Private Certificate Authority

Supported cryptographic algorithms

AWS Private CA supports the following cryptographic algorithms for private key generation and certificate signing.

Supported algorithm

Private key algorithms:

RSA_2048
RSA_4096
EC_prime256v1
EC_secp384r1
SM2 (China Regions only)

Signing algorithms:

SHA256WITHECDSA
SHA384WITHECDSA
SHA512WITHECDSA
SHA256WITHRSA
SHA384WITHRSA
SHA512WITHRSA
SM3WITHSM2

This list applies only to certificates issued directly by AWS Private CA through its console, API, or command line. When AWS Certificate Manager issues certificates using a CA from AWS Private CA, it supports some but not all of these algorithms. For more information, see Request a Private Certificate in the AWS Certificate Manager User Guide.

Note

In all cases, the specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's private key.
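
The family-matching rule in the note above can be checked before a request is sent. The following is an added example, not AWS code: the algorithm names are the ones listed on this page, the function names are hypothetical, and treating SM2 with SM3WITHSM2 as its own family is an assumption drawn from the algorithm names.

```python
# Pre-flight check for the rule that the signing algorithm family must match
# the family of the CA's private key. Function names are hypothetical.
KEY_ALGORITHMS = {
    "RSA_2048": "RSA", "RSA_4096": "RSA",
    "EC_prime256v1": "ECDSA", "EC_secp384r1": "ECDSA",
    "SM2": "SM2",  # China Regions only; own family is an assumption
}
SIGNING_ALGORITHMS = {
    "SHA256WITHRSA", "SHA384WITHRSA", "SHA512WITHRSA",
    "SHA256WITHECDSA", "SHA384WITHECDSA", "SHA512WITHECDSA",
    "SM3WITHSM2",
}


def signing_family(signing_algorithm):
    """Return the family named after WITH, e.g. SHA256WITHRSA -> RSA."""
    if signing_algorithm not in SIGNING_ALGORITHMS:
        raise ValueError(f"unsupported signing algorithm: {signing_algorithm!r}")
    return signing_algorithm.split("WITH", 1)[1]


def check_pair(key_algorithm, signing_algorithm):
    """Return None if the pair is acceptable, otherwise a reason string."""
    key_family = KEY_ALGORITHMS.get(key_algorithm)
    if key_family is None:
        return f"unsupported key algorithm: {key_algorithm!r}"
    try:
        sig_family = signing_family(signing_algorithm)
    except ValueError as exc:
        return str(exc)
    if sig_family != key_family:
        return (f"{signing_algorithm} is {sig_family} but the CA key "
                f"{key_algorithm} is {key_family}")
    return None


def audit(ca_key_algorithm, requested_signing_algorithms):
    """Map each rejected signing algorithm to the reason it was rejected."""
    results = ((alg, check_pair(ca_key_algorithm, alg))
               for alg in requested_signing_algorithms)
    return {alg: reason for alg, reason in results if reason}


if __name__ == "__main__":
    # Constructed sample: an EC CA key and a mix of requested algorithms.
    requested = ["SHA384WITHECDSA", "SHA256WITHRSA", "SHA1WITHRSA"]
    for alg, why in audit("EC_secp384r1", requested).items():
        print(f"REJECT {alg}: {why}")
```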