How do I check my hashing algorithm?

The certificates signed with SHA-1 are considered deprecated and a fair question arises: how can I check the hashing algorithm of my certificate? The ways to check are quite different and we will describe the basic ones.

If the certificate is already installed and working, there are three ways to check the hashing algorithm: in a web browser, in an online checker and in a command line. To check the hashing algorithm of the certificate that is not installed on the server is not a problem as well (refer to section 4).

  1. The padlock or the tune icon in your browser address bar features a lot of information about your SSL certificate. You can find the hashing algorithm and other info when you click it.

    • To check this in Chrome, click the padlock or tune icon >> Connection is secure >> Certificate is valid.


      Then, choose the Details tab and click on Certificate Signature Algorithm:


    • With Internet Explorer, click the padlock > View certificates >> Details >> Signature Algorithm:


    • For Microsoft Edge, click the padlock > Connection is secure > certificate icon:


      After that, open the "Details" tab and click on Certificate Signature Algorithm:

    • A Firefox window with certificate information slightly differs. The following steps are to be made in Firefox: click on a Padlock >> Connection Secure >> More Information >> Security >> Technical Details

      nc_hash_alg_4

      nc_hash_alg_5

      You can find out even more details by clicking on View Certificate:



      You'll be redirected to the info page in browser with the explicit details on the certificate.

  2. Quite easy and user friendly checker. All you need to do is enter your domain name and click GO. If the certificate is in SHA-2, the checker will show Nice.

    Check_hash_8.jpg

    SHA-1 certificates test results in Dang. Domain is using SHA-1.

    Check_hash_9.jpg

  3. Also, the hashing algorithm of the certificate is displayed by the Decoder.link. Type in the domain name in the checker and run a test, scroll the page to the bottom and in the General Information section check Signature Algorithm.


  4. Besides, you can check the hashing algorithm of the certificate by decoding it; when the certificate is not yet installed on the server, it can be rather handy. In the Decoder.link, there's a SSL & CSR Decoder section. Insert the SSL certificate into the box and run a test.

    The Signature Algorithm can be checked in the General Information menu:

    Also, you can scroll the page down and view the certificate information indicates the Signature Algorithm of the certificate along with other information in the Raw OpenSSL Data window.

  5. There is a convenient decision for OpenSSL users as well. OpenSSL is a good option to learn all about the certificate on your server and it does not require the site to be published unlike the web browser.

    The command to check the hash function used in the certificate signature:

    openssl x509 -noout -text -in example.crt

    where example.crt is your certificate’s filename. The output shows the Signature Algorithm of the certificate in the Data section.

    Check_hash_15.jpg

    Also, to extract only the hashing algorithm this command can be used:

    openssl x509 -noout -text -in example.crt | grep "Signature Algorithm" | uniq

    The output is short and clear:

    Check_hash_16.jpg

Updated
Viewed
59801 times

Need help? We're always here for you.

notmyip