acm/aws.sdk.kotlin.services.acm.model/RequestCertificateRequest/keyAlgorithm

keyAlgorithm

val keyAlgorithm: KeyAlgorithm?

Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. RSA is the default key algorithm for ACM certificates. Elliptic Curve Digital Signature Algorithm (ECDSA) keys are smaller, offering security comparable to RSA keys but with greater computing efficiency. However, ECDSA is not supported by all network clients. Some Amazon Web Services services may require RSA keys, or only support ECDSA keys of a particular size, while others allow the use of either RSA and ECDSA keys to ensure that compatibility is not broken. Check the requirements for the Amazon Web Services service where you plan to deploy your certificate. For more information about selecting an algorithm, see Key algorithms.

Algorithms supported for an ACM certificate request include:

  • RSA_2048

  • EC_prime256v1

  • EC_secp384r1 Other listed algorithms are for imported certificates only.

When you request a private PKI certificate signed by a CA from Amazon Web Services Private CA, the specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.

Default: RSA_2048

© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved. Generated by dokka