How to check if SSL certificate is SHA1 or SHA2

While creating an SSL certificate, you should ensure that it is signed with a SHA-2 algorithm (for example SHA-256) rather than SHA-1. There are 3 ways to check this:

Check certificate in browser itself:

You can open the website in Chrome, e.g. https://www.mysite.com (or using the IP address, https://x.x.x.x), and click on the control shown in the screenshot below:

[Screenshot: ssl-cert-sha1-sha2-check-1]

It will open the DevTools window, where you can check the information about the signature algorithm used.

[Screenshot: ssl-cert-sha1-sha2-check-2]

As you can see, the current certificate is a SHA-1 certificate, with the message “The certificate for this site expired in 2017 or later, and the certificate chain contains a certificate signed using SHA-1.”

Now let's see what a SHA-2 signed website looks like: visit https://www.google.com and click on the green padlock, and it will pop up the certificate like below. As you can see –

Signature algorithm – sha256RSA
Signature hash algorithm – sha256

[Screenshot: ssl-cert-sha1-sha2-check-3-google]


Check through command line:

$ openssl s_client -connect localhost:443 < /dev/null 2>/dev/null | openssl x509 -text -in /dev/stdin | grep "Signature Algorithm"
    Signature Algorithm: sha1WithRSAEncryption
    Signature Algorithm: sha1WithRSAEncryption

$ openssl x509 -noout -text -in localhost.crt | grep "Signature Algorithm" | uniq

$ openssl x509 -noout -text -in servercert.pem ### For .pem certificate
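As an added example (not part of the original post), the same check done without the openssl binary: a small Python script that walks the DER structure of a certificate (Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }), reads the outer signatureAlgorithm OID and flags SHA-1 and MD5 signatures. The SIG_OIDS table, the fake_cert helper and the SAMPLE_* constants are constructed for this example; signature_algorithm() accepts the raw bytes of a real .crt/.pem or DER file as well.

```python
"""Read the outer signatureAlgorithm OID of an X.509 cert (PEM or DER), stdlib only."""
import base64, re

SIG_OIDS = {  # signature OID -> (OpenSSL-style name, weak?)
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", True),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", True),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", False),
    "1.2.840.10045.4.1": ("ecdsa-with-SHA1", True),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", False),
}

def _tlv(buf, pos):
    """Decode one DER tag/length at pos -> (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _decode_oid(raw):
    """DER OID contents -> dotted string, e.g. 1.2.840.113549.1.1.11."""
    parts, val = [str(raw[0] // 40), str(raw[0] % 40)], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                 # high bit clear = last byte of this arc
            parts.append(str(val)); val = 0
    return ".".join(parts)

def signature_algorithm(cert):
    """Return (oid, name, weak) for the certificate's outer signatureAlgorithm."""
    if cert.lstrip().startswith(b"-----BEGIN"):              # PEM -> DER
        cert = base64.b64decode(b"".join(re.sub(rb"-----[^-]*-----", b"", cert).split()))
    tag, start, _ = _tlv(cert, 0)                           # Certificate ::= SEQUENCE {
    if tag != 0x30: raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = _tlv(cert, start)                       #   tbsCertificate (skipped)
    _, alg_start, _ = _tlv(cert, tbs_end)                   #   signatureAlgorithm SEQUENCE {
    tag, o_start, o_end = _tlv(cert, alg_start)             #     OID, [parameters] }
    if tag != 0x06: raise ValueError("expected OID in AlgorithmIdentifier")
    oid = _decode_oid(cert[o_start:o_end])
    name, weak = SIG_OIDS.get(oid, ("unknown", True))       # unknown: treat as weak
    return oid, name, weak

def fake_cert(oid_der):
    """Constructed cert shell (dummy tbs, real OID, empty signature); parser test only."""
    alg = bytes([0x30, len(oid_der) + 4, 0x06, len(oid_der)]) + oid_der + b"\x05\x00"
    body = b"\x30\x03\x02\x01\x02" + alg + b"\x03\x01\x00"   # tbs + alg + empty BIT STRING
    return bytes([0x30, len(body)]) + body

SAMPLE_SHA1 = fake_cert(bytes.fromhex("2a864886f70d010105"))    # 1.2.840.113549.1.1.5
SAMPLE_SHA256 = fake_cert(bytes.fromhex("2a864886f70d01010b"))  # 1.2.840.113549.1.1.11
```

Only the leaf certificate's own signature is inspected; to review the chain, run it over each certificate that `openssl s_client -showcerts` prints.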

Check through online tools:

If your website is accessible from the Internet, you can use one of many online tools to check whether the certificate is signed with SHA-1 or SHA-2.

  1. https://shaaaaaaaaaaaaa.com/ – Check your site for weak SHA-1 certificates.
  2. https://www.sha2sslchecker.com/ – SHA-2 Testing Tool
  3. https://shachecker.com/ – Check your website for old encryption algorithm SHA-1
