Check if my SSL Certificate is SHA1 or SHA2
I have tried to find the answer to this but I couldn't find an answer...
How do I check if my SSL Certificate is using SHA1 or SHA2?
Reason I ask is because it might have to do with the certificate not loading on Mozilla Browers....
Any ideas? Can I check through cPanel?
Solution 1:
Use the Linux Command Line
Use the command line, as described in this related question: How do I check if my SSL Certificate is SHA1 or SHA2 on the commandline.
Command
Here's the command. Replace www.yoursite.com:443 to fit your needs. Default SSL port is 443:
openssl s_client -connect www.yoursite.com:443 < /dev/null 2>/dev/null \
| openssl x509 -text -in /dev/stdin | grep "Signature Algorithm"
Results
This should return something like this for the sha1:
Signature Algorithm: sha1WithRSAEncryption
or this for the newer version:
Signature Algorithm: sha256WithRSAEncryption
References
The article Why Google is Hurrying the Web to Kill SHA-1 describes exactly what you would expect and has a pretty graphic, too.
Solution 2:
Update: The site below is no longer running because, as they say on the site:
As of January 1, 2016, no publicly trusted CA is allowed to issue a SHA-1 certificate. In addition, SHA-1 support was removed by most modern browsers and operating systems in early 2017. Any new certificate you get should automatically use a SHA-2 algorithm for its signature.
Legacy clients will continue to accept SHA-1 certificates, and it is possible to have requested a certificate on December 31, 2015 that is valid for 39 months. So, it is possible to see SHA-1 certificates in the wild that expire in early 2019.
Original answer:
You can also use https://shaaaaaaaaaaaaa.com/ - set up to make this particular task easy. The site has a text box - you type in your site domain name, click the Go button and it then tells you whether the site is using SHA1 or SHA2.
Background