Supported cryptographic algorithms
Amazon Private CA supports the following cryptographic algorithms for private key generation and certificate signing.
Supported algorithm

Private key algorithms | Signing algorithms |
---|---|
RSA_2048, RSA_4096, EC_prime256v1, EC_secp384r1, SM2 (China Regions only) | SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA, SM3WITHSM2 |
This list applies only to certificates issued directly by Amazon Private CA through its console, API, or command line. When Amazon Certificate Manager issues certificates using a CA from Amazon Private CA, it supports some but not all of these algorithms. For more information, see Request a Private Certificate in the Amazon Certificate Manager User Guide.
Note
In all cases, the specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's private key.
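The family-matching rule in the note can be checked before a CA configuration is submitted. The following Python sketch is an added example, not code from this guide. It assumes the configuration is a dict using the `KeyAlgorithm` and `SigningAlgorithm` field names of the CreateCertificateAuthority API, that SM3WITHSM2 pairs only with SM2 keys, and the function name and `china_region` flag are hypothetical.

```python
# Added example: pre-flight check of a CA configuration against the table above.
# Map each supported key algorithm to its algorithm family.
KEY_FAMILY = {
    "RSA_2048": "RSA",
    "RSA_4096": "RSA",
    "EC_prime256v1": "ECDSA",
    "EC_secp384r1": "ECDSA",
    "SM2": "SM2",  # China Regions only, per the table
}

# Map each supported signing algorithm to its family.
SIGNING_FAMILY = {
    "SHA256WITHECDSA": "ECDSA",
    "SHA384WITHECDSA": "ECDSA",
    "SHA512WITHECDSA": "ECDSA",
    "SHA256WITHRSA": "RSA",
    "SHA384WITHRSA": "RSA",
    "SHA512WITHRSA": "RSA",
    "SM3WITHSM2": "SM2",  # assumption: pairs only with SM2 keys
}


def check_ca_config(config, china_region=False):
    """Return a list of problems; an empty list means the pair is acceptable."""
    problems = []
    key_alg = config.get("KeyAlgorithm")
    sig_alg = config.get("SigningAlgorithm")
    key_family = KEY_FAMILY.get(key_alg)      # exact-case match, as enum values
    sig_family = SIGNING_FAMILY.get(sig_alg)
    if key_family is None:
        problems.append(f"unsupported key algorithm: {key_alg!r}")
    if sig_family is None:
        problems.append(f"unsupported signing algorithm: {sig_alg!r}")
    if key_family and sig_family and key_family != sig_family:
        problems.append(
            f"{sig_alg} ({sig_family}) does not match key {key_alg} ({key_family})"
        )
    if key_alg == "SM2" and not china_region:
        problems.append("SM2 keys are available in China Regions only")
    return problems


if __name__ == "__main__":
    # Constructed sample configurations, not taken from a real account.
    samples = [
        {"KeyAlgorithm": "RSA_2048", "SigningAlgorithm": "SHA256WITHRSA"},
        {"KeyAlgorithm": "EC_prime256v1", "SigningAlgorithm": "SHA256WITHRSA"},
        {"KeyAlgorithm": "SM2", "SigningAlgorithm": "SM3WITHSM2"},
    ]
    for cfg in samples:
        print(cfg, "->", check_ca_config(cfg) or "ok")
```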