Last Updated: February 25, 2016
· weppos

Checking if a CSR is signed with SHA-2 hash algorithm

Assuming the CSR (Certificate Signing Request) is stored in a file called example.csr, you can use the following OpenSSL command to display the details of the CSR.

$ openssl req -noout -text -in example.csr

Certificate Request:
        Version: 0 (0x0)
        Subject:, O=Simone Carletti, L=Rome, ST=RM, C=IT
        Subject Public Key Info:
    Signature Algorithm: sha256WithRSAEncryption

The Signature Algorithm represents the hash algorithm used to sign the CSR.

$ openssl req -noout -text -in example.csr | grep 'Signature Algorithm' 

Signature Algorithm: sha256WithRSAEncryption

If the value is sha256WithRSAEncryption, the certificate is using SHA-256 (also known as SHA-2). Another common value is sha1WithRSAEncryption, that means the certificate is signed with SHA-1.

If you already received a certificate, you can check if the certificate is a SHA-2 certificate.

1 Response
Add your response

Sweet nice snippet thanks Simone!

over 1 year ago ·