Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Check if my SSL Certificate is SHA1 or SHA2

Tags:

sha1

sha2

I have tried to find the answer to this but I couldn't find an answer...

How do I check if my SSL Certificate is using SHA1 or SHA2?

Reason I ask is because it might have to do with the certificate not loading on Mozilla Browers....

Any ideas? Can I check through cPanel?

like image 526
Henry Avatar asked Sep 12 '14 14:09

Henry

People also ask

How do I know my SSL certificate type?

For most browsers, look to see if a site URL begins with “https,” which indicates it has an SSL certificate. Then click on the padlock icon in the address bar to view the certificate information.

What is SHA-2 SSL certificate?

SHA-2 features a higher level of security than its predecessor. It was designed through The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). Entrust uses the SHA-1 hashing algorithm to sign all digital certificates.

2 Answers

Use the Linux Command Line

Use the command line, as described in this related question: How do I check if my SSL Certificate is SHA1 or SHA2 on the commandline.

Command

Here's the command. Replace www.yoursite.com:443 to fit your needs. Default SSL port is 443:

openssl s_client -connect www.yoursite.com:443 < /dev/null 2>/dev/null \     | openssl x509 -text -in /dev/stdin | grep "Signature Algorithm"

Results

This should return something like this for the sha1:

Signature Algorithm: sha1WithRSAEncryption

or this for the newer version:

Signature Algorithm: sha256WithRSAEncryption

References

The article Why Google is Hurrying the Web to Kill SHA-1 describes exactly what you would expect and has a pretty graphic, too.

like image 180
cwd Avatar answered Oct 04 '22 19:10

cwd

Update: The site below is no longer running because, as they say on the site:

As of January 1, 2016, no publicly trusted CA is allowed to issue a SHA-1 certificate. In addition, SHA-1 support was removed by most modern browsers and operating systems in early 2017. Any new certificate you get should automatically use a SHA-2 algorithm for its signature.

Legacy clients will continue to accept SHA-1 certificates, and it is possible to have requested a certificate on December 31, 2015 that is valid for 39 months. So, it is possible to see SHA-1 certificates in the wild that expire in early 2019.

Original answer:

You can also use https://shaaaaaaaaaaaaa.com/ - set up to make this particular task easy. The site has a text box - you type in your site domain name, click the Go button and it then tells you whether the site is using SHA1 or SHA2.

Background

like image 20
Hamish Downer Avatar answered Oct 04 '22 19:10

Hamish Downer
Sign in to Comment

Related questions

How do you verify an RSA SHA1 signature in Python?
Objective C: SHA1
How does the newly found SHA-1 collision affect Git?
SHA1 collision demo / example
Android SHA1 release keystore not working with Google Maps
Git File Integrity
Can a SHA-1 hash be all-zeroes?
How to installing sha1sum in MAC OS?
Is there an equivalent to SHA1() in MS-SQL?
C# SHA-1 vs. PHP SHA-1...Different Results?
Why use SHA1 for hashing secrets when SHA-512 is more secure?
Password hash function for Excel VBA
RSA signature size?
Is it possible to reverse a sha1?
Why is a SHA-1 Hash 40 characters long if it is only 160 bit?
How to convert byte array to string in Go [duplicate]
Creating SHA1 Hash from NSString
Git - finding a filename from a SHA1
A Regex to match a SHA1
What are the chances that two messages have the same MD5 digest and the same SHA1 digest?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!