fxbxug
Last Updated: February 25, 2016
·
16.39K
· weppos
99e0b39c091e10d9c7d4452a34ca52dc

Checking an SSL certificate for SHA-2 hash algorithm

Assuming the SSL certificate is stored in a file called example.crt, you can use the following OpenSSL command to display the details of the SSL certificate.

$ openssl x509 -noout -text -in example.crt

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ..
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
        Validity
            Not Before: Sep 10 00:00:00 2014 GMT
            Not After : Sep 10 23:59:59 2015 GMT

The Signature Algorithm represents the hash algorithm used to sign the SSL certificate.

$ openssl x509 -noout -text -in example.crt | grep 'Signature Algorithm' 

Signature Algorithm: sha256WithRSAEncryption

If the value is sha256WithRSAEncryption, the certificate is using SHA-256 (also known as SHA-2). Another common value is sha1WithRSAEncryption, that means the certificate is signed with SHA-1.

If you haven't received the SSL certificate yet, you can check if the CSR is hashed with SHA-2.

Say Thanks
Respond

1 Response
Add your response

16726
A987a4a61ff30e9a53f752d90ff370d1

Nice

over 1 year ago ·
Filed Under