1

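I need information about ECDSA certificates. As far as I know, an ECDSA certificate should contain an ECDSA signature, but I see that the Facebook and Google server certificates are ECDSA certificates with RSA signatures. Is it possible to have an ECDSA certificate with an RSA signature? Does an ECDSA certificate have an RSA signature?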

+0

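ECDSA and RSA have no compatibility whatsoever, so I find *"I see that the Facebook and Google server certificates are ECDSA certificates with RSA signatures"*. Please show what you saw. Also, this is not a programming question and may be better suited to [security.se].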

+0

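I captured the packets and I see that Facebook selects the cipher ECDHE_ECDSA, which means it wants to authenticate with an ECDSA certificate and will send an ECDSA certificate. The following is the o/p of the packet capture ...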

+0

Signature Algorithm: sha256WithRSAEncryption aa :91:ae:52:01:8c:60:f6:02:b6:94:eb:af:6e:eb:dd:3c:c8: e1:6f:17:ab:b8:28:80: ec:dc:54:82:56:24:c1:16:08:e1:c2:

Answers

3

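The signature of a certificate is created by the issuer, using the issuer's key. So if certificate A contains an ECC key (i.e. it is an ECDSA certificate) but the issuer B has an RSA key, then the signature on A will be an RSA signature, because that is what the issuer signs with.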

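For example, in the case of facebook.com the certificate itself contains an ECC key, but the issuer certificate, DigiCert SHA2 High Assurance Server CA, has an RSA key. Because the signature on the Facebook certificate is made by the issuer with the issuer's key, it has to be an RSA signature.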

+0

Thank you very much for your response.

+0

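My question here is: if the certificate is signed with an RSA key, then the client will authenticate the server based on RSA rather than ECDSA ... so the cipher should then be something like ECDHE_RSA rather than ECDHE_ECDSA ..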

+0

The following is an excerpt from RFC-4492 .. where, when ECDHE_ECDSA is selected, the signature is expected to be ECDSA ...

0

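Steffen's answer is correct for the X.509 standard, and it is the case supported by many browsers that are based on standard SSL libraries. However, in this rough real world, I have found some devices that reject an ECDSA certificate with an RSA signature, and this was with TLS 1.2 negotiated.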

I guess the reason is that the authors of such devices followed RFC-4492 (the ** emphasis is mine):

2.2. ECDHE_ECDSA 
In ECDHE_ECDSA, the server's certificate **MUST** contain an ECDSA- 
capable public key and **be signed with ECDSA.** 

The server sends its ephemeral ECDH public key and a specification of 
the corresponding curve in the ServerKeyExchange message. These 
parameters MUST be signed with ECDSA using the private key 
corresponding to the public key in the server's Certificate. 

Although RFC-5246, TLS 1.2, relaxes this restriction (the ** emphasis is mine):

7.4.4. Certificate Request 
... 
If the client provided a "signature_algorithms" extension, then all 
certificates provided by the server MUST be signed by a 
hash/signature algorithm pair that appears in that extension. **Note 
that this implies that a certificate containing a key for one 
signature algorithm MAY be signed using a different signature 
algorithm (for instance, an RSA key signed with a DSA key). This is 
a departure from TLS 1.1, which required that the algorithms be the 
same.** Note that this also implies that the DH_DSS, DH_RSA, 
ECDH_ECDSA, and ECDH_RSA key exchange algorithms do not restrict the 
algorithm used to sign the certificate. Fixed DH certificates MAY be 
signed with any hash/signature algorithm pair appearing in the 
extension. The names DH_DSS, DH_RSA, ECDH_ECDSA, and ECDH_RSA are 
historical. 

So be warned that such devices exist.
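An added example, not part of any post above: it reproduces the situation the first answer describes (an ECDSA key certified by an RSA issuer) and flags the mixed key/signature case that the second answer says strict RFC 4492 devices may reject. It assumes the `openssl` command-line tool with its default configuration file is installed; the CA name, `demo.example` and all file names are constructed for the example.

```shell
#!/bin/sh
# Constructed demo: RSA issuer (B) signs a certificate for an ECDSA subject (A).
set -eu

make_chain() {   # $1 = existing work directory
  dir=$1
  # Issuer B: self-signed CA holding an RSA key
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=Demo RSA CA" -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
  # Subject A: ECDSA (P-256) key plus a certificate request
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/leaf.key"
  openssl req -new -key "$dir/leaf.key" -subj "/CN=demo.example" -out "$dir/leaf.csr"
  # B signs A's certificate with B's RSA key
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -sha256 -days 1 -out "$dir/leaf.pem" 2>/dev/null
}

# Algorithm of the public key carried inside the certificate (the subject's key).
key_alg() {
  openssl x509 -in "$1" -noout -text |
    awk '/Public Key Algorithm:/ { sub(/.*: */, ""); print; exit }'
}

# Algorithm of the signature on the certificate (made with the issuer's key).
sig_alg() {
  openssl x509 -in "$1" -noout -text |
    awk '/Signature Algorithm:/ { sub(/.*: */, ""); print; exit }'
}

# "mixed" when key family and signature family differ, "uniform" otherwise.
# Only ECDSA and PKCS#1 v1.5 RSA signature names are recognised here.
chain_kind() {
  pair="$(key_alg "$1"):$(sig_alg "$1")"
  case "$pair" in
    id-ecPublicKey:ecdsa-with-*|rsaEncryption:*WithRSAEncryption) echo uniform ;;
    *) echo mixed ;;
  esac
}

work=$(mktemp -d)
make_chain "$work"
echo "leaf key algorithm:       $(key_alg "$work/leaf.pem")"
echo "leaf signature algorithm: $(sig_alg "$work/leaf.pem")"
echo "leaf is:                  $(chain_kind "$work/leaf.pem")"
rm -rf "$work"
```

Running `chain_kind` on a server certificate before deploying it shows whether a peer that enforces the RFC 4492 wording would see a key/signature mismatch.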