RFC 5280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
Choosing an Elliptic Curve in 2022 https://soatok.blog/2022/05/19/guidance-for-choosing-an-elliptic-curve-signature-algorithm-in-2022/
Use the Mozilla SSL Config generator to generate a strong SSL configuration https://ssl-config.mozilla.org/
https://www.nccoe.nist.gov/tls-server-certificate-management
NIST SP 800-131A Rev. 2 Transitioning the Use of Cryptographic Algorithms and Key Lengths https://csrc.nist.gov/pubs/sp/800/131/a/r2/final
Recommendation for Key Management: Part 2 - Best Practices for Key Management Organizations https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt2r1.pdf
CAB Forum https://cabforum.org/documents/
RFC 9325 Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
RFC 8446 - The Transport Layer Security (TLS) Protocol Version 1.3
Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf (SP800-186)
If the server is configured with an ECDSA signature certificate, either curve P-256 or curve P-384 should be used for the public key in the certificate.
ECDSA key lengths page 6 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-186.pdf
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf Table 2 Acceptable key lengths
>= 224 bits of security strength for ECDSA and EdDSA
RSA >= 2048
NIST Special Publication 800-56A Revision 3 Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf
