Last Updated: September 09, 2019
·
35.77K
· weppos

Checking an SSL certificate for SHA-2 hash algorithm

Assuming the SSL certificate is stored in a file called example.crt, you can use the following OpenSSL command to display the details of the SSL certificate.

$ openssl x509 -noout -text -in example.crt

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ..
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
        Validity
            Not Before: Sep 10 00:00:00 2014 GMT
            Not After : Sep 10 23:59:59 2015 GMT

The Signature Algorithm represents the hash algorithm used to sign the SSL certificate.

$ openssl x509 -noout -text -in example.crt | grep 'Signature Algorithm' 

Signature Algorithm: sha256WithRSAEncryption

If the value is sha256WithRSAEncryption, the certificate is using SHA-256 (also known as SHA-2). Another common value is sha1WithRSAEncryption, that means the certificate is signed with SHA-1.

If you haven't received the SSL certificate yet, you can check if the CSR is hashed with SHA-2.

1 Response
Add your response

Nice

over 1 year ago ·