How do I check my hashing algorithm?
The migration from the SHA-1 to SHA-2 certificates is the matter of current interest to Internet users. The certificates signed with SHA-1 are considered deprecated and a fair question arises: how can I check the hashing algorithm of my certificate? The ways to check are quite different and we will describe the basic ones.
If the certificate is already installed and working, there are three ways to check the hashing algorithm: in a web browser, in an online checker and in a command line. To check the hashing algorithm of the certificate that is not installed on the server is not a problem as well (refer to section 4).
The green bar or the padlock in the browser address bar bears a lot of information about your certificate. When clicking on it you can find the hashing algorithm among other info. These are the steps to perform in Chrome:
click on the padlock >> Connection >> Certificate information >> Details >> Signature Algorithm.
The same results are shown in Firefox and Internet Explorer. A click on the Padlock in IE will show the certificate information window with a View certificates button.
Just click on it and the same window with a Details tab as in Chrome will show up.
A Firefox window with certificate information slightly differs. The following steps are to be made in Firefox:
click on a Padlock or a Green bar >> More information >> View certificate >> Details >> Certificate Signature Algorithm.
Quite easy and user friendly checker. All you need to do is enter your domain name and click GO. If the certificate is in SHA-2, the checker will show Nice.
SHA-1 certificates test results in Dang. Domain is using SHA-1.
Also, the hashing algorithm of the certificate is displayed by the Decoder.link. Type in the domain name in the checker and run a test, scroll the page to the bottom and in the General Information section check Signature Algorithm.
- Besides, you can check the hashing algorithm of the certificate by decoding it; when the certificate is not yet installed on the server, it can be rather handy. In the Decoder.link, there's a SSL & CSR Decoder section. Insert the SSL certificate into the box and run a test.
The Signature Algorithm can be checked in the General Information menu:
Also, you can scroll the page down and view the certificate information indicates the Signature Algorithm of the certificate along with other information in the Raw OpenSSL Data window.
There is a convenient decision for OpenSSL users as well. OpenSSL is a good option to learn all about the certificate on your server and it does not require the site to be published unlike the web browser.
The command to check the hash function used in the certificate signature:
openssl x509 -noout -text -in example.crt
where example.crt is your certificate’s filename. The output shows the Signature Algorithm of the certificate in the Data section.
Also, to extract only the hashing algorithm this command can be used:
openssl x509 -noout -text -in example.crt | grep "Signature Algorithm" | uniq
The output is short and clear: