How do I check if my SSL Certificate is SHA1 or SHA2 on the commandline
30,613
Solution 1
after googling for quite some time i came up with the following snippet (unix):
openssl s_client -connect <host>:<port> < /dev/null 2>/dev/null | openssl x509 -text -in /dev/stdin | grep "Signature Algorithm"
windows (thanx Nick Westgate, see below)
certutil -dump cacert.pem | find "Algorithm"
Solution 2
I know the topic is old but I think
openssl x509 -in yourcert.crt -text -noout | grep "Signature Algorithm"
would be an easier solution.
Solution 3
You didn't specify a platform, but in a Windows command prompt you can use:
certutil -dump cacert.pem | find "Algorithm"
Related videos on Youtube
Author by
that guy from over there
sysadmin, waf-developer and skiddo-hunter
Updated on July 30, 2022Comments
-
that guy from over there almost 2 years
How do I check if my SSL Certificate is using SHA1 or SHA2, from the commandline?
And yes, i this is similar to this, but i need a cli-tool and i want to understand how it is done.
-
Shalom Carmel over 7 yearsThis is exactly what the first answer eventually does. A certificate is usually installed on a web server and does not exist in a file, and rink.attendant.6's answer fetches the cerificate AND runs the verification check in a single line
-
that guy from over there over 7 yearsincluded your answer, thanx
-
Doktor J over 6 years@ShalomCarmel but this one is helpful to admins like myself who want to double-check a certificate we've inherited, and have shell access to the server :)
-
Björn about 4 yearsIn my case on Windows with a .p12-certificate i used: certutil -dump crtname.p12 | find "Cert Hash" (Also, my certificate had a password, so I had to type that in too after pressing enter.)