AWS privateca documentation change
Summary
Refined explanation of CA signing algorithm context
Security assessment
Explicitly distinguishes CA signing from certificate issuance algorithms, improving security documentation accuracy. No vulnerability addressed.
Diff
diff --git a/privateca/latest/userguide/describe-CA.md b/privateca/latest/userguide/describe-CA.md index 076277c9e..d5a7247cf 100644 --- a//privateca/latest/userguide/describe-CA.md +++ b//privateca/latest/userguide/describe-CA.md @@ -75 +75 @@ You can use the ACM console or the AWS CLI to view detailed metadata about a pri - * **Signing algorithm** – The algorithm that the CA uses to sign certificate requests. (Not to be confused with the `SigningAlgorithm` parameter used to sign certificates when they are issued.) Possible values are **SHA256 ECDSA** , **SHA384 ECDSA** , **SHA512 ECDSA** , **SHA256 RSA** , **SHA384 RSA** , and **SHA512 RSA** + * **Signing algorithm** – The algorithm that the CA uses to sign its own Certificate Signing Request, CRLs, and OCSP responses (Not to be confused with the `SigningAlgorithm` parameter used in the IssueCertificate API.) Possible values are **SHA256 ECDSA** , **SHA384 ECDSA** , **SHA512 ECDSA** , **SHA256 RSA** , **SHA384 RSA** , and **SHA512 RSA**