Certificate Signature Algorithm Explained
The signature algorithm identifies how the CA signed your SSL certificate. Learn about sha256WithRSAEncryption, ecdsa-with-SHA256, and deprecated algorithms.
The signature algorithm field identifies the algorithm the Certificate Authority used to sign the certificate. It appears twice in the raw ASN.1 structure (in both the signatureAlgorithm and tbsCertificate.signature fields) and specifies both the hash algorithm and the public key algorithm used to create the CA's signature.
Common Signature Algorithms
- sha256WithRSAEncryption — SHA-256 hash + RSA signature. The most common algorithm in current certificates.
- ecdsa-with-SHA256 — SHA-256 hash + ECDSA signature. Used when the CA has an EC key.
- ecdsa-with-SHA384 — SHA-384 hash + ECDSA signature. Used with P-384 CA keys.
- sha1WithRSAEncryption — Deprecated. SHA-1 is broken for signature purposes. Browsers no longer trust certificates signed with SHA-1. Issued only in exceptional legacy circumstances.
- md5WithRSAEncryption — Severely deprecated. MD5-signed certificates are not accepted by any modern client.
Signature Algorithm vs. Key Algorithm
These are two separate things:
- The key algorithm is the type of key in the leaf certificate (RSA 2048, EC P-256, etc.)
- The signature algorithm is how the issuing CA signed the certificate — it uses the CA's private key, not the leaf's key
It's perfectly valid for a CA with an RSA key to issue a leaf certificate whose own key is EC (the CA signs with RSA, but the leaf's public key is EC).
Checking for Weak Algorithms
When you decode a certificate, the decoder flags SHA-1 signature algorithms with a warning. If you see sha1WithRSAEncryption, the certificate may be rejected by modern TLS clients and browsers, regardless of the key size.
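As an added example (not the decoder's own code), the following Python reads both AlgorithmIdentifier fields out of a DER-encoded certificate, checks that they agree, and flags the deprecated algorithms listed above; `tlv`, `sample_cert` and the skeleton certificate they build are constructed for this demo and are not real certificates.

```python
# OID -> (name, deprecated?) for the signature algorithms discussed above.
SIG_ALGS = {
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", False),
    "1.2.840.10045.4.3.3": ("ecdsa-with-SHA384", False),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", True),
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", True),
}
def read_tlv(buf, pos=0):
    """Decode one DER TLV at pos; return (tag, content, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """DER OID content octets -> dotted string (first octet packs the first two arcs)."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                        # base-128 arcs, high bit set = continuation
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, value = arcs + [value], 0
    return ".".join(map(str, arcs))
def signature_algorithms(der):
    """Return (tbsCertificate.signature OID, outer signatureAlgorithm OID)."""
    _, cert, _ = read_tlv(der)               # Certificate ::= SEQUENCE
    _, tbs, pos = read_tlv(cert)             # tbsCertificate ::= SEQUENCE
    _, outer, _ = read_tlv(cert, pos)        # signatureAlgorithm AlgorithmIdentifier
    tag, _, pos = read_tlv(tbs)
    if tag == 0xA0:                          # optional [0] EXPLICIT version
        tag, _, pos = read_tlv(tbs, pos)
    assert tag == 0x02, "serialNumber INTEGER expected"
    _, inner, _ = read_tlv(tbs, pos)         # signature AlgorithmIdentifier
    return decode_oid(read_tlv(inner)[1]), decode_oid(read_tlv(outer)[1])

def check_signature_algorithm(der):
    """Name the algorithm and list the warnings a decoder should show for this DER cert."""
    inner, outer = signature_algorithms(der)
    name, weak = SIG_ALGS.get(outer, (outer, False))
    warnings = [] if inner == outer else ["tbsCertificate.signature and signatureAlgorithm differ"]
    if weak:
        warnings.append(f"{name} is deprecated; modern TLS clients reject it")
    return name, warnings
# Constructed sample (not a real certificate): only the fields the check reads are filled in.
def tlv(tag, content):
    return bytes([tag, len(content)]) + content    # short-form DER length is enough here

def sample_cert(inner_oid, outer_oid):
    alg = lambda oid: tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))  # OID + NULL parameters
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg(inner_oid))
    return tlv(0x30, tbs + alg(outer_oid) + tlv(0x03, b"\x00" + b"\xab" * 8))
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")   # 1.2.840.113549.1.1.11
SHA1_RSA = bytes.fromhex("2a864886f70d010105")     # 1.2.840.113549.1.1.5
```

A PEM certificate is the base64 of this DER between the `-----BEGIN/END CERTIFICATE-----` lines, so strip those lines and `base64.b64decode` the rest before calling `check_signature_algorithm`.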
Use the free decoder to decode any PEM certificate and see all of its fields, including the signature algorithm.