SSL : How to check if current certificate is sha1 or sha2

Tags : ssl sha256 sha1 openssl

Got an email notification today by my SSL certificate provider, highlighting the weaknesses of SHA1 SSL certificate( which is roughly used by 90% of the SSL-ed websites out there ) and urging me to regenerate the certificates to SHA2 standard. If not, then sometimes in future, Google Chrome will marked the SHA1 https to be insecure https.

In this tutorial, we will learn how to check if the current SSL certificate is sha1 or sha2

1st method :

Use to check your website SSL cert. If your certificate is SHA2 . You will see a big green table with the description

Algorithm Type : sha256WithRSAEncryption

If your certificate is SHA1, then you will see a red table with the description

Algorithm Type : sha1WithRSAEncryption

At the time of writing this tutorial, checking website with will produce a big red flag.

2nd method:

This is to check your website certificate from the command line :

openssl s_client -connect < /dev/null 2>/dev/null

| openssl x509 -text -in /dev/stdin | grep "Signature Algorithm"

the result should look like

Signature Algorithm: sha1WithRSAEncryption for sha1


Signature Algorithm: sha256WithRSAEncryption for sha2

Remember to generate new SSL certificates that are SHA2 standard if your website still using SHA1 Algorithm.

References :

  See also : SSL : The certificate is not trusted because no issuer chain was provided

Tags : ssl sha256 sha1 openssl

By Adam Ng

IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.