Check if my SSL Certificate is SHA1 or SHA2

Question

I have tried to find the answer to this but I couldn t find an answer     How do I check if my SSL Certificate is using SHA1 or SHA2   Reason I ask is because it might have to do with the certificate not loading on Mozilla Browers      Any ideas  Can I check through cPanel

User · Answer

Use the Linux Command Line

Use the command line, as described in this related question: How do I check if my SSL Certificate is SHA1 or SHA2 on the commandline.

Command

Here's the command. Replace www.yoursite.com:443 to fit your needs. Default SSL port is 443:

openssl s_client -connect www.yoursite.com:443 < /dev/null 2>/dev/null \
    | openssl x509 -text -in /dev/stdin | grep "Signature Algorithm"

Results

This should return something like this for the sha1:

Signature Algorithm: sha1WithRSAEncryption

or this for the newer version:

Signature Algorithm: sha256WithRSAEncryption

References

The article Why Google is Hurrying the Web to Kill SHA-1 describes exactly what you would expect and has a pretty graphic, too.

User · Answer

I had to modify this slightly to be used on a Windows System  Here s the one-liner version for a windows box    openssl exe s client -connect yoursitename com 443  gt  CertInfo txt  amp  amp  openssl x509 -text -in CertInfo txt   find  Signature Algorithm   amp  amp  del CertInfo txt  F   Tested on Server 2012 R2 using http   iweb dl sourceforge net project gnuwin32 openssl 0 9 8h-1 openssl-0 9 8h-1-bin zip

User · Answer

openssl s client -connect api cscglobal com 443  lt   dev null 2 gt  dev null    openssl x509 -text -in  dev stdin   grep  Signature Algorithm    cut -d     -f2   uniq   sed      d    sed -e  s     t

User · Answer

You can check by visiting the site in your browser and viewing the certificate that the browser received   The details of how to do that can vary from browser to browser  but generally if you click or right-click on the lock icon  there should be an option to view the certificate details   In the list of certificate fields  look for one called  Certificate Signature Algorithm     For StackOverflow s certificate  its value is  PKCS  1 SHA-1 With RSA Encryption

User · Answer

Update  The site below is no longer running because  as they say on the site      As of January 1  2016  no publicly trusted CA is allowed to issue a SHA-1 certificate  In addition  SHA-1 support was removed by most modern browsers and operating systems in early 2017  Any new certificate you get should automatically use a SHA-2 algorithm for its signature       Legacy clients will continue to accept SHA-1 certificates  and it is possible to have requested a certificate on December 31  2015 that is valid for 39 months  So  it is possible to see SHA-1 certificates in the wild that expire in early 2019    Original answer   You can also use https   shaaaaaaaaaaaaa com  - set up to make this particular task easy   The site has a text box - you type in your site domain name  click the Go button and it then tells you whether the site is using SHA1 or SHA2   Background

[sha1] Check if my SSL Certificate is SHA1 or SHA2

Use the Linux Command Line

Command

Results

References

Examples related to sha1

Examples related to sha2