Chain of Trust For TLS Certificates: Using ECDSA-based Certificates Issued By ECDSA-based Intermediate CAs That Are In Turn Signed By ECDSA-based Root CAs

Dear Bitwarden Employees,

I am pleased that Bitwarden has scored an A+ on Qualys SSL Lab’s Test for TLS Strength:

I did notice that Bitwarden does rely on two distinct certificates: one that uses an EC-based Public Key and another that uses RSA-2048. Supporting both are good options since EC-based signature tests should be faster and more secure than RSA should still be supported for older systems that do not support EC-based signatures.

I also like that the intermediate certificate is issued by CloudFlare and this intermediate certificate is itself signed by Baltimore Cyber Trust Root as the root certificate. So this is a good thing because it means there is an authority verifying the authenticity of the public key sent by Bitwarden to clients (CloudFlare Intermediate Certificate). And, there is an authority verifying the authenticity of this Intermediate Certificate (Baltimore CyberTrust Root).

Our own server for our student organization ( does the same thing–except the Intermediate Certificate is issued by R3 and the Root CA verifying the Intermediate Certificate is issued by DST Root CA X3.

And both of our setups would be even better if the digital signature issued by the Root CA actually used an ECDSA-based private key.

For now, many Root CAs have not yet released a root certificate that actually uses an ECDSA-based Root Certificate.

This is the kind of Root Certificate we would want Root CA Authorities to use to sign ECDSA-based Intermediate Certificates.

I plan to renew our ECDSA-based certificate when Let’s Encrypt Certificate Authority finally gets their “ISRG Root X2” Root Certificate and “Let’s Encrypt E1” Intermediate Certificate approved since that would allow a complete chain of ECDSA-based certificates leading back to the Root Certificate Authority (in this case ISRG Root X2). (

Is Bitwarden planning to upgrade their ECDSA-based certificates so that even the digital signature issued by the Root CA to verify the Intermediate CA-based certificate would be an ECDSA-based signature (e.g. SHA256withECDSA)? At this point the Intermediate Certificate that signed Bitwarden’s server certificate was signed by CloudFlare Inc ECC CA-3, which uses an ECDSA-based private key for the Intermediate signature–but the digital signature used by Baltimore Root CA to sign CloudFlare’s Intermediate Certificate was unfortunately only signed by an RSA-based private key (SHA256withRSA).