Skip to content

Add option to select RSA or ECDSA key type when creating certificates #5121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jc21 merged 1 commit into from
Jan 13, 2026
Merged

Add option to select RSA or ECDSA key type when creating certificates #5121

jc21 merged 1 commit into from
Jan 13, 2026
+236 −3

Conversation

@KalebCheng
Copy link

@KalebCheng KalebCheng commented Jan 7, 2026

Summary

This PR introduces an option to select the key type (RSA or ECDSA) when creating SSL/TLS certificates in Nginx Proxy Manager. Previously, only ECDSA keys were generated by default, which limited flexibility for users who prefer RSA keys.

Changes

  • Updated the certificate creation UI to include a dropdown for key type selection.
  • Updated backend certificate generation logic to support RSA keys alongside ECDSA.
  • Ensured backward compatibility: existing ECDSA-only workflows remain unchanged.

Motivation

Some users prefer RSA keys for compatibility reasons or specific security requirements. This change allows users to choose between RSA and ECDSA when generating certificates.

Testing

  • Tested creating both RSA and ECDSA certificates.
  • Verified that generated certificates are valid and correctly installed in Nginx Proxy Manager.
  • Confirmed that existing ECDSA-only workflows are unaffected.

@nginxproxymanagerci
Copy link

nginxproxymanagerci bot commented Jan 7, 2026

Docker Image for build 1 is available on DockerHub:

nginxproxymanager/nginx-proxy-manager-dev:pr-5121

Note

Ensure you backup your NPM instance before testing this image! Especially if there are database changes.
This is a different docker image namespace than the official image.

Warning

Changes and additions to DNS Providers require verification by at least 2 members of the community!

@jc21
Copy link
Member

jc21 commented Jan 13, 2026

Great stuff, thanks :)

@jc21 jc21 merged commit f85bb79 into NginxProxyManager:develop Jan 13, 2026
1 check passed
@CamelT0E
Copy link
Contributor

CamelT0E commented Jan 15, 2026

@KalebCheng,
good work-very nice!
Maybe the key length can still be changed in dropdown menu?
RSA: 2048 (default), 3072, 4096 or 8192
ECDSA: 256 (default), 384 or 521

The German BSI recommends the use of RSA-3072, which roughly corresponds to ECDSA-256. RSA-2048 should not be used beyond 2030.

@KalebCheng
Copy link
Author

KalebCheng commented Jan 16, 2026

@KalebCheng, good work-very nice! Maybe the key length can still be changed in dropdown menu? RSA: 2048 (default), 3072, 4096 or 8192 ECDSA: 256 (default), 384 or 521

The German BSI recommends the use of RSA-3072, which roughly corresponds to ECDSA-256. RSA-2048 should not be used beyond 2030.

Great suggestion !

This feature was initially created just to solve a problem I encountered during my own usage, but your proposal makes a lot of sense. I’ll implement it.

@KalebCheng KalebCheng deleted the feature/certificate-key-type-selection branch January 16, 2026 03:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@KalebCheng @jc21 @CamelT0E