SSL : How to check if current certificate is sha1 or sha2
Got an email notification today by my SSL certificate provider, highlighting the weaknesses of SHA1 SSL certificate( which is roughly used by 90% of the SSL-ed websites out there ) and urging me to regenerate the certificates to SHA2 standard. If not, then sometimes in future, Google Chrome will marked the SHA1 https to be insecure https.
In this tutorial, we will learn how to check if the current SSL certificate is sha1 or sha2
1st method :
Use https://www.sha2sslchecker.com to check your website SSL cert. If your certificate is SHA2 . You will see a big green table with the description
Algorithm Type : sha256WithRSAEncryption
If your certificate is SHA1, then you will see a red table with the description
Algorithm Type : sha1WithRSAEncryption
At the time of writing this tutorial, checking maybank2u.com website with https://www.sha2sslchecker.com/www.maybank2u.com.my/mbb/m2u/common/M2ULogin.do?action=Login will produce a big red flag.
2nd method:
This is to check your website certificate from the command line :
openssl s_client -connect www.yoursite.com:443 < /dev/null 2>/dev/null
| openssl x509 -text -in /dev/stdin | grep "Signature Algorithm"
the result should look like
Signature Algorithm: sha1WithRSAEncryption
for sha1
and
Signature Algorithm: sha256WithRSAEncryption
for sha2
Remember to generate new SSL certificates that are SHA2 standard if your website still using SHA1 Algorithm.
References :
http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html
See also : SSL : The certificate is not trusted because no issuer chain was provided
By Adam Ng
IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.
Advertisement
Tutorials
+8.5k Golang : Take screen shot of browser with JQuery example
+10.5k PHP : Convert(cast) bigInt to string
+9k Golang : Detect Pascal, Kebab, Screaming Snake and Camel cases
+8.7k Golang : Go as a script or running go with shebang/hashbang style
+17.7k Golang : Convert IPv4 address to decimal number(base 10) or integer
+7.6k Golang : Handle Palindrome string with case sensitivity and unicode
+11.7k Golang : Get remaining text such as id or filename after last segment in URL path
+9.2k Golang : Convert(cast) string to int64
+10.6k Golang : Natural string sorting example
+6.3k Elasticsearch : Shutdown a local node
+33.6k Golang : Call a function after some delay(time.Sleep and Tick)
+7.4k Golang : get the current working directory of a running program