The signature algorithm defines the hash and signature algorithms the issuing CA certificate (Intermediate CA or Root CA) can use to sign a certificate request. You must specify a default signature algorithm from the list of allowed algorithms in case the certificate request does not specify what signature algorithm should be used.
{
...
"signature_algorithm": {
"allowed_algorithms": [
"sha1WithRSA",
"sha256WithRSA",
"sha384WithRSA",
"sha512WithRSA",
"sha256WithECDSA",
"sha384WithECDSA",
"sha512WithECDSA",
"sha3_256WithRSA",
"sha3_384WithRSA",
"sha3_512WithRSA",
"pureEd25519",
"hashedEd25519",
"MLDSA-44",
"MLDSA-65",
"MLDSA-87",
"match_issuer"
],
"default_algorithm": "match_issuer"
},
...
}
Name | Type | Req/Opt | Description |
|---|---|---|---|
signature_algorithm | object | required | Signature algorithm details |
.. allowed_algorithms | array of strings | required | Signature algorithms that can be used to sign the certificate. Supported values:
|
.. default_algorithm | string | required | An algorithm from the list of |