Skip to content

Add option to select RSA or ECDSA key type when creating certificates#5121

Merged
jc21 merged 1 commit intoNginxProxyManager:developfrom
KalebCheng:feature/certificate-key-type-selection
Jan 13, 2026
Merged

Add option to select RSA or ECDSA key type when creating certificates#5121
jc21 merged 1 commit intoNginxProxyManager:developfrom
KalebCheng:feature/certificate-key-type-selection

Conversation

@KalebCheng
Copy link
Copy Markdown

@KalebCheng KalebCheng commented Jan 7, 2026

Summary

This PR introduces an option to select the key type (RSA or ECDSA) when creating SSL/TLS certificates in Nginx Proxy Manager. Previously, only ECDSA keys were generated by default, which limited flexibility for users who prefer RSA keys.

Changes

  • Updated the certificate creation UI to include a dropdown for key type selection.
  • Updated backend certificate generation logic to support RSA keys alongside ECDSA.
  • Ensured backward compatibility: existing ECDSA-only workflows remain unchanged.

Motivation

Some users prefer RSA keys for compatibility reasons or specific security requirements. This change allows users to choose between RSA and ECDSA when generating certificates.

Testing

  • Tested creating both RSA and ECDSA certificates.
  • Verified that generated certificates are valid and correctly installed in Nginx Proxy Manager.
  • Confirmed that existing ECDSA-only workflows are unaffected.

@nginxproxymanagerci
Copy link
Copy Markdown

nginxproxymanagerci Bot commented Jan 7, 2026

Docker Image for build 1 is available on DockerHub:

nginxproxymanager/nginx-proxy-manager-dev:pr-5121

Note

Ensure you backup your NPM instance before testing this image! Especially if there are database changes.
This is a different docker image namespace than the official image.

Warning

Changes and additions to DNS Providers require verification by at least 2 members of the community!

@jc21
Copy link
Copy Markdown
Member

jc21 commented Jan 13, 2026

Great stuff, thanks :)

@jc21 jc21 merged commit f85bb79 into NginxProxyManager:develop Jan 13, 2026
1 check passed
@CamelT0E
Copy link
Copy Markdown
Contributor

CamelT0E commented Jan 15, 2026

@KalebCheng,
good work-very nice!
Maybe the key length can still be changed in dropdown menu?
RSA: 2048 (default), 3072, 4096 or 8192
ECDSA: 256 (default), 384 or 521

The German BSI recommends the use of RSA-3072, which roughly corresponds to ECDSA-256. RSA-2048 should not be used beyond 2030.

@KalebCheng
Copy link
Copy Markdown
Author

KalebCheng commented Jan 16, 2026

@KalebCheng, good work-very nice! Maybe the key length can still be changed in dropdown menu? RSA: 2048 (default), 3072, 4096 or 8192 ECDSA: 256 (default), 384 or 521

The German BSI recommends the use of RSA-3072, which roughly corresponds to ECDSA-256. RSA-2048 should not be used beyond 2030.

Great suggestion !

This feature was initially created just to solve a problem I encountered during my own usage, but your proposal makes a lot of sense. I’ll implement it.

@KalebCheng KalebCheng deleted the feature/certificate-key-type-selection branch January 16, 2026 03:17
@cyberdust2k cyberdust2k mentioned this pull request Feb 1, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@KalebCheng @jc21 @CamelT0E