Last Updated: September 09, 2019
· weppos

Checking an SSL certificate for SHA-2 hash algorithm

Assuming the SSL certificate is stored in a file called example.crt, you can use the following OpenSSL command to display the details of the SSL certificate.

$ openssl x509 -noout -text -in example.crt

        Version: 3 (0x2)
        Serial Number:
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
            Not Before: Sep 10 00:00:00 2014 GMT
            Not After : Sep 10 23:59:59 2015 GMT

The Signature Algorithm field shows the hash algorithm used to sign the SSL certificate. To print only that field, filter the output with grep:

$ openssl x509 -noout -text -in example.crt | grep 'Signature Algorithm' 

Signature Algorithm: sha256WithRSAEncryption

If the value is sha256WithRSAEncryption, the certificate is signed with SHA-256, a member of the SHA-2 family. Another common value is sha1WithRSAEncryption, which means the certificate is signed with SHA-1.

If you haven't received the SSL certificate yet, you can check if the CSR is hashed with SHA-2.
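
The check above, for both a certificate and a CSR, can be wrapped in a small shell function. This is an added example, not part of the original tip; the function name `classify_sigalg`, its exit codes and the file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original tip): classify the signature hash
# of a certificate or CSR from OpenSSL's text dump read on stdin.
# Prints "<class> <algorithm>"; exit status 0 = SHA-2, 1 = SHA-1 or older,
# 2 = no Signature Algorithm line found, 3 = not recognised.
classify_sigalg() {
    # A certificate dump names the algorithm twice (inside the signed body
    # and on the outer signature); a CSR names it once. Take the first.
    alg=$(sed -n 's/^[[:space:]]*Signature Algorithm:[[:space:]]*//p' | head -n 1)
    if [ -z "$alg" ]; then
        echo "error no-signature-algorithm"
        return 2
    fi
    lower=$(printf '%s' "$alg" | tr 'A-Z' 'a-z')
    case "$lower" in
        *sha224*|*sha256*|*sha384*|*sha512*) echo "sha2 $alg" ;;
        *sha1*)      echo "sha1 $alg"; return 1 ;;
        *md5*|*md2*) echo "weak $alg"; return 1 ;;
        # e.g. rsassaPss, whose hash is listed on a separate parameter line
        *)           echo "unknown $alg"; return 3 ;;
    esac
}

# Real files (names are examples):
#   openssl x509 -noout -text -in example.crt | classify_sigalg
#   openssl req  -noout -text -in example.csr | classify_sigalg

# Constructed sample input, using the field format shown on this page.
printf '%s\n' '        Signature Algorithm: sha256WithRSAEncryption' | classify_sigalg
printf '%s\n' '        Signature Algorithm: sha1WithRSAEncryption' | classify_sigalg \
    || echo "exit status $?"
```

The non-zero exit status for SHA-1 and older hashes lets the function gate a deployment script or a CI step.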
