Skip to main content

Signature algorithms

The signature algorithm defines the hash and signature algorithms the issuing CA certificate (Intermediate CA or Root CA) can use to sign a certificate request. You must specify a default signature algorithm from the list of allowed algorithms in case the certificate request does not specify what signature algorithm should be used.

Example JSON: Signature algorithms

{
  ...
  "signature_algorithm": {
    "allowed_algorithms": [
      "sha1WithRSA",
      "sha256WithRSA",
      "sha384WithRSA",
      "sha512WithRSA",
      "sha256WithECDSA",
      "sha384WithECDSA",
      "sha512WithECDSA",
      "sha3_256WithRSA",
      "sha3_384WithRSA",
      "sha3_512WithRSA",
      "pureEd25519",
      "hashedEd25519",
      "MLDSA-44",
      "MLDSA-65",
      "MLDSA-87",
      "match_issuer"
    ],
    "default_algorithm": "match_issuer"
  },
  ...
}

Parameters: Signature algorithm

Name

Type

Req/Opt

Description

signature_algorithm

object

required

Signature algorithm details

.. allowed_algorithms

array of strings

required

Signature algorithms that can be used to sign the certificate.

Supported values:

  • sha256WithRSA

  • sha384WithRSA

  • sha512WithRSA

  • sha256WithECDSA

  • sha384WithECDSA

  • sha512WithECDSA

  • sha3_256WithRSA

  • sha3_384WithRSA

  • sha3_512WithRSA

  • pureEd25519

  • hashedEd25519

  • daimlerHashedEd25519

  • MLDSA-44

  • MLDSA-65

  • MLDSA-87

  • match_issuer

.. default_algorithm

string

required

An algorithm from the list of allowed_algorithms

In this section: