Checking if a CSR is signed with SHA-2 hash algorithm
Assuming the CSR (Certificate Signing Request) is stored in a file called example.csr, you can use the following OpenSSL command to display the details of the CSR.
$ openssl req -noout -text -in example.csr
Certificate Request:
Data:
Version: 0 (0x0)
Subject: CN=www.simonecarletti.com, O=Simone Carletti, L=Rome, ST=RM, C=IT
Subject Public Key Info:
...
Signature Algorithm: sha256WithRSAEncryptionThe Signature Algorithm represents the hash algorithm used to sign the CSR.
$ openssl req -noout -text -in example.csr | grep 'Signature Algorithm'
Signature Algorithm: sha256WithRSAEncryptionIf the value is sha256WithRSAEncryption, the certificate is using SHA-256 (also known as SHA-2). Another common value is sha1WithRSAEncryption, that means the certificate is signed with SHA-1.
If you already received a certificate, you can check if the certificate is a SHA-2 certificate.
Written by Simone Carletti
Related protips
1 Response
Sweet nice snippet thanks Simone!
over 1 year ago
·
Have a fresh tip? Share with Coderwall community!
Post
Post a tip
Best
#Shell
Authors
Sponsored by #native_company# — Learn More
#native_title#
#native_desc#