I have a question on proxy signing the server's certificate. Sat the negotiated cipher is ECDHE-ECDSA-AES128-GCM-SHA256.
This means the authentication used in this case is ECDSA. When proxy will receive this certificate and will re-sign it,
1. Is it important to re-sgn the certificate using ECDSA with same EC curve type(say 384 bits) or server’s certificate can be signed with RSA?
2. If we could re-sign the certificate using RSA(assuming that statement 1 is correct), what will come to client ECDSA authentication or RSA as I have re-signed the certificates using RSA?
3. Will client be using original server’s ECDSA public ket to verify server’s identity or will it use RSA to verify server’s identity as server’s certificate is re-signed using RSA?