How do I check my hashing algorithm?

The migration from the SHA-1 to SHA-2 certificates is the matter of current interest to Internet users. The certificates signed with SHA-1 are considered deprecated and a fair question arises: how can I check the hashing algorithm of my certificate? The ways to check are quite different and we will describe the basic ones.

If the certificate is already installed and working, there are three ways to check the hashing algorithm: in a web browser, in an online checker and in a command line. To check the hashing algorithm of the certificate that is not installed on the server is not a problem as well (refer to section 4).

  1. The green bar Check_hash_1.jpg or the padlock Check_hash_2.jpg in the browser address bar bears a lot of information about your certificate. When clicking on it you can find the hashing algorithm among other info. These are the steps to perform in Chrome:

    click on the padlock > Connection > Certificate information > Details > Signature Algorithm.

    nc_hash_alg_1.png

    nc_hash_alg_2

    The same results are shown in Firefox and Internet Explorer. A click on the Padlock in IE will show the certificate information window with a “View certificates” button.

    Check_hash_5.jpg

    Just click on it and the same window with a “Details” tab as in Chrome will show up.

    A Firefox window with certificate information slightly differs. The following steps are to be made in Firefox:

    click on a Padlock or a Green bar >> More information >> View certificate >> Details >> Certificate Signature Algorithm.

    nc_hash_alg_4

    nc_hash_alg_5

    nc_hash_alg_6

    nc_hash_alg_7

  2. Quite easy and user friendly checker. All you need to do is enter your domain name and click GO. If the certificate is in SHA-2, the checker will show “Nice.”.

    Check_hash_8.jpg

    SHA-1 certificates test results in the “Dang. Domain is using SHA-1” message.

    Check_hash_9.jpg

  3. Also the hashing algorithm of the certificate is displayed by the online SSL Checker. Type in the domain name in the checker and run a test, scroll the page to the bottom and in the Advanced section check Signature algorithm.

    Check_hash_10.jpg

    Check_hash_11.jpg

  4. Besides, you can check the hashing algorithm of the certificate by decoding it; when the certificate is not yet installed on the server, it can be rather handy. In the SSL Checker there is a ‘Decoders’ section, click on it and select SSL Decoder.

    Check_hash_12.jpg

    Insert the SSL certificate or browse it as a file into the Certificate box and run a test.

    Check_hash_13.jpg

    On the bottom of the page click on ‘Raw Output’, the drop-down menu with the certificate information indicates the Signature algorithm of the certificate along with other information.

    Check_hash_14.jpg

  5. There is a convenient decision for OpenSSL users as well. OpenSSL is a good option to learn all about the certificate on your server and it does not require the site to be published unlike the web browser.

    The command to check the hash function used in the certificate signature:

    openssl x509 -noout -text -in example.crt

    where example.crt is your certificate’s filename. The output shows the Signature Algorithm of the certificate in the Data section.

    Check_hash_15.jpg

    Also, to extract only the hashing algorithm this command can be used:

    openssl x509 -noout -text -in example.crt | grep "Signature Algorithm" | uniq

    The output is short and clear:

    Check_hash_16.jpg

Comments

We welcome your comments, questions, corrections and additional information relating to this article. Your comments may take some time to appear. Please be aware that off-topic comments will be deleted.

If you need specific help with your account, feel free to contact our Support Team. Thank you.

Need help? We're always here for you.

× Close