CA signature algorithm vs certificate public key algorithm

Question

Is there any restriction on the CAs signature algorithm with respect to the public algorithm in the actual server/device certificate? For example, can a ECDHE_ECDSA_* certificate be signed by a CA with RSA and still be within spec? Is this mentioned in any of the RFCs?

Also, If the above is true, is there any provision in the CSR format to specify the algorithm to be used by the CA to sign it?

I tried to google this but could not find a cited answer

score 2 · Accepted Answer · answered Jun 09 '17 at 04:33

2

The signature created by the issuer of the certificate is fully independent of the algorithm used in the certificates public key. The signature algorithm instead depends on the issuers key and not the certificates key. It is actually common to have certificates containing an ECC key signed with RSA.

answered Jun 09 '17 at 04:33

Steffen Ullrich

184,332
29
363
424

Is there a way in which I can choose which algorithm the CA should be using to sign my CSR? – vpillai Jun 09 '17 at 05:50
@vpillai: you can't. The algorithm depends on the type public key in the issuers certificate which is not under your control. – Steffen Ullrich Jun 09 '17 at 06:15

score 1 · Answer 2 · answered Jun 09 '17 at 07:56

Key exchange and certificate verification are independent operation.
"an a ECDHE_ECDSA_* certificate be signed by a CA with RSA and still be within spec."
First part i.e ECDHE is for key exchange
ECDSA is for digital signature verification of server certificate
so ECDHE certificate is actually signed by RSA or DSA by CA. if both key exchange and certificate verification use same algorithm like RSA your cipher suite will be something like RSA_AES_SHA256.

CA signature algorithm vs certificate public key algorithm

2 Answers2