Check if my SSL Certificate is SHA1 or SHA2

Question

I have tried to find the answer to this but I couldn t find an answer     How do I check if my SSL Certificate is using SHA1 or SHA2   Reason I ask is because it might have to do with the certificate not loading on Mozilla Browers      Any ideas  Can I check through cPanel

User · Answer

I had to modify this slightly to be used on a Windows System. Here's the one-liner version for a windows box.

openssl.exe s_client -connect yoursitename.com:443 > CertInfo.txt && openssl x509 -text -in CertInfo.txt | find "Signature Algorithm" && del CertInfo.txt /F

Tested on Server 2012 R2 using http://iweb.dl.sourceforge.net/project/gnuwin32/openssl/0.9.8h-1/openssl-0.9.8h-1-bin.zip

User · Answer

openssl s client -connect api cscglobal com 443  lt   dev null 2 gt  dev null    openssl x509 -text -in  dev stdin   grep  Signature Algorithm    cut -d     -f2   uniq   sed      d    sed -e  s     t

User · Answer

Use the Linux Command Line  Use the command line  as described in this related question  How do I check if my SSL Certificate is SHA1 or SHA2 on the commandline   Command  Here s the command  Replace www yoursite com 443 to fit your needs  Default SSL port is 443   openssl s client -connect www yoursite com 443  lt   dev null 2 gt  dev null         openssl x509 -text -in  dev stdin   grep  Signature Algorithm    Results  This should return something like this for the sha1   Signature Algorithm  sha1WithRSAEncryption   or this for the newer version   Signature Algorithm  sha256WithRSAEncryption   References  The article Why Google is Hurrying the Web to Kill SHA-1 describes exactly what you would expect and has a pretty graphic  too

User · Answer

You can check by visiting the site in your browser and viewing the certificate that the browser received   The details of how to do that can vary from browser to browser  but generally if you click or right-click on the lock icon  there should be an option to view the certificate details   In the list of certificate fields  look for one called  Certificate Signature Algorithm     For StackOverflow s certificate  its value is  PKCS  1 SHA-1 With RSA Encryption

User · Answer

Update  The site below is no longer running because  as they say on the site      As of January 1  2016  no publicly trusted CA is allowed to issue a SHA-1 certificate  In addition  SHA-1 support was removed by most modern browsers and operating systems in early 2017  Any new certificate you get should automatically use a SHA-2 algorithm for its signature       Legacy clients will continue to accept SHA-1 certificates  and it is possible to have requested a certificate on December 31  2015 that is valid for 39 months  So  it is possible to see SHA-1 certificates in the wild that expire in early 2019    Original answer   You can also use https   shaaaaaaaaaaaaa com  - set up to make this particular task easy   The site has a text box - you type in your site domain name  click the Go button and it then tells you whether the site is using SHA1 or SHA2   Background

[sha1] Check if my SSL Certificate is SHA1 or SHA2

Examples related to sha1

Examples related to sha2