The migration from the SHA-1 to SHA-2 certificates is the matter of current interest to Internet users. The certificates signed with SHA-1 are considered deprecated and a fair question arises: how can I check the hashing algorithm of my certificate? The ways to check are quite different and we will describe the basic ones.
If the certificate is already installed and working, there are three ways to check the hashing algorithm: in a web browser, in an online checker and in a command line. To check the hashing algorithm of the certificate that is not installed on the server is not a problem as well (refer to section 4).
The padlock or the tune icon in your browser address bar features a lot of information about your SSL certificate. You can find the hashing algorithm and other info when you click it.
You can find out even more details by clicking on View Certificate:
You'll be redirected to the info page in browser with the explicit details on the certificate.
SHA-1 certificates test results in Dang. Domain is using SHA-1.
The Signature Algorithm can be checked in the General Information menu:
Also, you can scroll the page down and view the certificate information indicates the Signature Algorithm of the certificate along with other information in the Raw OpenSSL Data window.
The command to check the hash function used in the certificate signature:
openssl x509 -noout -text -in example.crt
where example.crt is your certificate’s filename. The output shows the Signature Algorithm of the certificate in the Data section.
Also, to extract only the hashing algorithm this command can be used:
openssl x509 -noout -text -in example.crt | grep "Signature Algorithm" | uniq
The output is short and clear: