If you've configured a web server with an RSA certificate signed by an ECDSA Certificate Authority, then you may get errors from your browsers like:
If the same web server works perfectly fine with an RSA certificate signed by an RSA-based PKI, then it is likely that your web server is configured with TLS cipher suites that are invalid for ECDSA-signed certificates. RFC 4492 section 5.3 sets requirements, for each ECDH/ECDHE key exchange algorithm, on both the public key in the server certificate and the algorithm the issuing CA used to sign it:
Key Exchange Algorithm    Server Certificate Type
----------------------    -----------------------
ECDH_ECDSA                Certificate MUST contain an ECDH-capable public key. It MUST be signed with ECDSA.
ECDHE_ECDSA               Certificate MUST contain an ECDSA-capable public key. It MUST be signed with ECDSA.
ECDH_RSA                  Certificate MUST contain an ECDH-capable public key. It MUST be signed with RSA.
ECDHE_RSA                 Certificate MUST contain an RSA public key authorized for use in digital signatures. It MUST be signed with RSA.
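To apply the section 5.3 table to a real cipher list, here is an added example (not code from the original post) that parses each suite's key exchange and authentication algorithm from its IANA or OpenSSL name and reports which suites a given chain can serve. It goes beyond the table by also covering DHE_RSA and static RSA suites (which under RFC 5246 only require an RSA key in the certificate) and TLS 1.3 suites, which are not tied to the certificate type; the suite names in the demo are constructed.

```python
"""Check a cipher list against the RFC 4492 section 5.3 certificate requirements (added example,
not from the original post). Handles IANA "TLS_ECDHE_RSA_WITH_..." and OpenSSL "ECDHE-RSA-..."
names of certificate-authenticated suites; PSK and anonymous suites are out of scope."""

# (key exchange, auth) -> (required leaf public key type, required CA signature algorithm).
# The ECDH/ECDHE rows are the RFC 4492 section 5.3 table. DHE_RSA and static RSA (RFC 5246)
# only need an RSA key in the certificate, so the CA signature is unconstrained (None).
REQUIREMENTS = {
    ("ECDH", "ECDSA"): ("EC", "ECDSA"),
    ("ECDHE", "ECDSA"): ("EC", "ECDSA"),
    ("ECDH", "RSA"): ("EC", "RSA"),
    ("ECDHE", "RSA"): ("RSA", "RSA"),
    ("DHE", "RSA"): ("RSA", None),
    ("RSA", "RSA"): ("RSA", None),
}

def parse_kx_auth(suite):
    """Return (key_exchange, auth) for a suite name; ("TLS1.3", None) for TLS 1.3 suites."""
    if suite.startswith("TLS_"):
        if "_WITH_" not in suite:  # TLS 1.3 suite names carry no key exchange or auth
            return "TLS1.3", None
        tokens = suite[4:].split("_WITH_")[0].split("_")  # ["ECDHE", "RSA"] or ["RSA"]
    else:
        tokens = suite.split("-")  # ["ECDHE", "RSA", "AES128", "GCM", "SHA256"]
    if tokens[0] not in ("ECDHE", "ECDH", "DHE"):  # "TLS_RSA_WITH_..." / "AES128-GCM-SHA256": static RSA
        return "RSA", "RSA"
    return tokens[0], tokens[1] if len(tokens) > 1 else "?"

def check_suites(suites, leaf_key_type, ca_signature):
    """Split suites into those the chain can serve and (suite, reason) pairs it cannot."""
    valid, invalid = [], []
    for suite in suites:
        kx, auth = parse_kx_auth(suite)
        req = REQUIREMENTS.get((kx, auth))
        if kx == "TLS1.3":  # TLS 1.3 does not tie the cipher suite to the certificate type
            valid.append(suite)
        elif req is None:
            invalid.append((suite, "unknown key exchange/authentication"))
        elif req[0] != leaf_key_type:
            invalid.append((suite, f"needs an {req[0]} key, certificate has {leaf_key_type}"))
        elif req[1] is not None and req[1] != ca_signature:
            invalid.append((suite, f"must be signed with {req[1]}, is signed with {ca_signature}"))
        else:
            valid.append(suite)
    return valid, invalid

if __name__ == "__main__":  # the post's scenario: an RSA leaf certificate issued by an ECDSA CA
    suites = ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
              "DHE-RSA-AES128-GCM-SHA256", "AES128-GCM-SHA256", "TLS_AES_128_GCM_SHA256"]
    print(check_suites(suites, leaf_key_type="RSA", ca_signature="ECDSA"))
```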
So ciphers like these would be invalid:
You'll need to reconfigure your web server to use alternative valid ciphers, such as:
If you're uncertain about which TLS cipher suites to use, OWASP provides a good reference for the cipher suites you should be using. You'll need to evaluate your requirements against the user base that will be connecting to your services, as Internet-facing services can have vastly different requirements from large enterprise networks with legacy systems in use.