20

How do I check if my SSL Certificate is using SHA1 or SHA2, from the commandline?

And yes, this is similar to this, but I need a CLI tool and I want to understand how it is done.

Community

4 Answers

25

After googling for quite some time I came up with the following snippet (Unix):

openssl s_client -connect <host>:<port> < /dev/null 2>/dev/null | openssl x509 -text -in /dev/stdin | grep "Signature Algorithm"

Windows (thanks Nick Westgate, see below):

certutil -dump cacert.pem | find "Algorithm"
  • In my case on Windows with a .p12-certificate I used: certutil -dump crtname.p12 | find "Cert Hash" (Also, my certificate had a password, so I had to type that in too after pressing enter.) – Björn May 08 '20 at 07:18
21

I know the topic is old but I think

openssl x509 -in yourcert.crt -text -noout | grep "Signature Algorithm"

would be an easier solution.

user1238393
  • This is exactly what the first answer eventually does. A certificate is usually installed on a web server and does not exist in a file, and rink.attendant.6's answer fetches the certificate AND runs the verification check in a single line – Shalom Carmel Nov 23 '16 at 13:03
  • 1
    @ShalomCarmel but this one is helpful to admins like myself who want to double-check a certificate we've inherited, and have shell access to the server :) – Doktor J Jan 31 '18 at 15:15
4

You didn't specify a platform, but in a Windows command prompt you can use:

certutil -dump cacert.pem | find "Algorithm"
Nick Westgate
0

In PowerShell

PS C:\> certutil -dump cacert.pem | findstr "Algorithm"
wown