How to Check if SSL Certificate is SHA1 or SHA2 using OpenSSL?

Question: How to check if a particular website is using SHA1 or SHA2 Certificate? I would like to know the steps to check via web browsers and also using OpenSSL commands.

How to check Signature Algorithm of SSL certificate using OpenSSL Command?

The OpenSSL command shown below will fetch a SSL certificate issued to google.com and checks if the signature algorithm is SHA1 or SHA2.

$ openssl s_client -connect google.com:443 < /dev/null 2>/dev/null | openssl x509 -text -in /dev/stdin | grep Signature
 Signature Algorithm: sha256WithRSAEncryption
 Signature Algorithm: sha256WithRSAEncryption

You can also use OpenSSL command to verify local web server certificate.

$ openssl x509 -text -in /etc/httpd/certs/server.crt |grep Signature
 Signature Algorithm: sha1WithRSAEncryption
 Signature Algorithm: sha1WithRSAEncryption

Check SSL certificate via Web Browser

Google Chrome: After opening a website, click on the green lock icon next to the website URL in the address bar of the web browser. Click “Connection” > Certificate information.

SSL certificate sha256

In the “Certificate” dialog, click “Details” and select “Signature hash algorithm” and lookout for the value.

sha256 certificate information

On Firefox Browser:

Click the lock icon next to the website URL in the address bar and click “More Information”

ssl cert info firefox

Click Security tab and “View Certificate” button.

SSL certificate sha2

In the “Certificate Viewer” dialog, click “Certificate Signature Algorithm” under “Certificate Fields” and lookout for the value.

sha256 signature info

On Internet Explorer:

Click lock icon > View certificates.

website-ssl-cert-ie-info-1

In the “Certificate” dialog, click “Details” and select “Signature hash algorithm” and lookout for the value (refer the screenshot of Chrome).

Bonus…SHA1 is obsolete and SHA256 is must

This tutorial is a step by step guide to Generate SHA2 based Certificate using OpenSSL.

Topics :

vps germany

Get Free Email Updates

Disclaimer: The content published in this article is the views of the author only. Techglimpse does not gurantee accuracy, completness or validity. If you believe the content on this post violates your copyright, please send us a mail for removal. Read more.