How to check if SSL certificate is SHA1 or SHA2

By | July 10, 2016

While creating SSL certificate, you should ensure that you should created with SHA2 algorithm. There are 3 ways to check this:

Check certificate in browser itself

You can open the website in Chrome using like https://www.mysite.com (or using IP address https://x.x.x.x) and click on

ssl-cert-sha1-sha2-check-1It will open DevTools windows, and you can check information regarding algorithm used.

ssl-cert-sha1-sha2-check-2

As you can see that current certificate is SHA-1 certificate with message “The certificate for this sire expired in 2017 or later, and the certificate chain contains a certificate signed using SHA-1.”

Now let see how a SHA-2 signed website looks like; for this visit https://www.google.com and click on green PadLock and it will popup the certificate like below. As you can see that –

Signature algorithm – sha256RSA
Signature hash algorithm – sha256

ssl-cert-sha1-sha2-check-3-google

 

Check through command line:

Check through online tools:

If your wesbite is accessible from Internet then you can use many online to check SHA1 or SHA2 signed algorithm.

  1. https://shaaaaaaaaaaaaa.com/ – Check your site for weak SHA-1 certificates.
  2. https://www.sha2sslchecker.com/ – SHA-2 Testing Tool
  3. https://shachecker.com/ – Check your website for old encryption algorithm SHA-1

Leave a Reply

Your email address will not be published. Required fields are marked *