Elliptic Curve Digital Signature Algorithm (ECDSA) is a Digital Signature Algorithm (DSA) that uses keys generated using elliptic curve cryptography (ECC).
In order not to be confused about these terms, let’s look at everything in detail and understand what their connections and differences are.
Elliptic Curve Cryptography (ECC) is a type of public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC requires smaller keys than keys generated by other cryptographic methods, such as RSA (Rivest-Shamir-Adleman), while providing the equivalent protection level.
In an ECDSA SSL/TLS certificate, both the public key and private key are derived from Elliptic Curve Cryptography.

ECDSA Offers Several Advantages Over RSA:
- Stronger Security with Smaller Keys: ECDSA achieves equivalent security with much shorter key lengths. For example, a 256-bit key in ECDSA provides a level of security comparable to a 3072-bit RSA key. This efficiency not only enhances security but also reduces the computational load on servers.
- Faster Performance: Smaller keys mean quicker handshakes and lower latency in secure connections.
- Future-Proofing: As computational power increases, traditional algorithms like RSA may become vulnerable. For example, for quantum computing advances, algorithms like ECDSA are considered more resistant to potential future threats than traditional methods (although they will still need to be replaced with quantum-safe algorithms).
- Widely Supported: All modern web browsers and servers support ECDSA, making it a practical option for securing websites.
RSA vs ECC Security Levels
This table shows the ECC key size needed to achieve the same level of security as RSA.
| RSA (Key Size in bits) | ECC (Key Size in bits) |
| 512 | 112 |
| 1024 | 160 |
| 2048 | 224 |
| 3072 | 256 |
| 7680 | 384 |
| 15360 | 512 |
How to Enable ECDSA for Your SSL/TLS Certificates
For the average user, there are two key points to focus on: the correct product should be selected and an ECC key pair should be generated.
1. Choose the product
The first step is to select a product you would like to obtain. Almost all the SSL certificates offered by CheapSSLSecurity support ECDSA. In case you need any assistance, our Sales Team is always glad to help you find the best option depending on your needs. To contact the Sales Team
2. Generate a Key Pair
You will need to generate an ECC key pair (CSR and Private Key). This can be done using tools like OpenSSL. Here’s a command to generate a 256-bit ECDSA key:
To generate a Private Key:
IMPORTANT! You may use any Private Key name with .key extension instead of “private.key”. Please save it securely, as you will need this file later for the certificate installation.
Please also note that the recommended and CheapSSLSecurity-acceptable ECC key size is 256-bit (so, prime256v1 is used).
To generate ECC CSR:
You may use any name for the CSR instead of “certificatesigningrequest.csr” (it should be .csr file).
On the next step, you will be prompted to enter the following information:
- Country Name: Enter the two-letter country code (e.g., IT for Italy).
- State or Province Name: Full name of your state or region.
- Locality Name: Your city or town’s name.
- Organization Name: The company’s legal name.
- Organizational Unit Name: Typically “IT” or “Web Administration”.
- Common Name: Your Fully Qualified Domain Name (FQDN). Note, for wildcard certificates, please enter your domain with an asterisk (e.g., *.example.tld)
- Email Address: Enter a valid email address.
IMPORTANT! For the optional fields, you may enter “.” To leave these fields blank.
You have now generated an ECC CSR. You can open the CSR file using a simple text editor, such as Notepad.
3. Submit the CSR and Complete Certificate Generation
Now, your ECC CSR can be submitted to the vendor via CheapSSLSecurity Order page. Make sure that you include the header and footer —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– tags while submitting the CSR
4. Validation
Depending on the SSL product type, you may need to pass the Domain Verification OR also an Organization Verification. Here you can find more detailed information and requirements:
Validation Guides
Once the verification is completed and the SSL is issued, please download the certificate files and proceed with the installation.
5. Install the Certificate
Once you receive your certificate, install it on your server. The installation process may vary depending on your server type (Apache, Nginx, etc.).
Please refer to our Help Center and Knowledgebase to find useful articles and step-by-step instructions on how to complete the certificate installation: Help Center, Knowledgebase
6. Test Your Configuration
After installation, we would recommend testing your server’s configuration to ensure that it supports ECDSA correctly. Tools like CheapSSLSecurity SSL Checker can provide insights into your server’s SSL/TLS implementation and highlight any potential vulnerabilities. CheapSSLSecurity SSL Checker
To summarize the above, enabling the ECDSA signature algorithm for your SSL/TLS certificates is a proactive step towards strengthening security and possibly even optimizing performance. In practice, implementation of ECDSA certificates may achieve a 30% reduction in SSL handshake times, which can be a significant capacity optimization and server relief.
