What Is SHA-1 Certificate

Q

What is SHA-1 (Secure Hash Algorithm 1) Certificate?

✍: FYIcenter.com

A

SHA-1 (Secure Hash Algorithm 1) Certificate is an X.509 certificate that uses the SHA-256 hash function to generate the hash of the public key provided by the certificate subject.

Here is an example of a SHA-256 certificate:

fyicenter$ openssl x509 -in Twitter.pem -text -noout

Name:
/C=US/ST=California/L=San Francisco/O=Twitter, Inc./CN=twitter.com

Subject: 
   Common Name (CN): twitter.com
   Organizational Unit Name (OU): 
   Organization Name (O): Twitter, Inc.
   Locality Name (L): San Francisco
   State or Province Name (ST): California
   Country Name (C): US
   Email Address: 
Issuer: 
   Common Name (CN): DigiCert TLS RSA SHA256 2020 CA1
   Organizational Unit Name (OU): 
   Organization Name (O): DigiCert Inc
   Locality Name (L): 
   State or Province Name (ST): 
   Country Name (C): US
   Email Address: 
Valid From: Tue, 12 Jan 2021 00:00:00 +0000 
Valid To: Tue, 11 Jan 2022 23:59:59 +0000 
Serial Number: 9494313099484426751112491850005457781 
Hash: b025b9a3 
Version: 2 
Signature Type: sha256WithRSAEncryption 
Purposes:  
   SSL client 
   SSL server 
   Netscape SSL server 
   S/MIME signing 
   S/MIME encryption 
   CRL signing 
   Any Purpose 
   OCSP helper 
   Time Stamp signing 
Extensions:  
   authorityKeyIdentifier:
      keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4
 
   subjectKeyIdentifier:
      B9:23:4B:91:46:7C:0B:07:51:48:AD:FD:EF:94:22:20:53:71:C9:B5 
   subjectAltName:
      DNS:twitter.com, DNS:www.twitter.com 
   keyUsage:
      Digital Signature, Key Encipherment 
   extendedKeyUsage:
      TLS Web Server Authentication, TLS Web Client Authentication 
   crlDistributionPoints:
      
Full Name:
  URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1.crl

Full Name:
  URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1.crl
 
   certificatePolicies:
      Policy: 2.16.840.1.114412.1.1
  CPS: http://www.digicert.com/CPS
Policy: 2.23.140.1.2.2
 
   authorityInfoAccess:
      OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1.crt
 
   basicConstraints:
      CA:FALSE 
   ct_precert_scts:
      Signed Certificate Timestamp:
    Version   : v1 (0x0)
    Log ID    : 29:79:BE:F0:9E:39:39:21:F0:56:73:9F:63:A5:77:E5:
                BE:57:7D:9C:60:0A:F8:F9:4D:5D:26:5C:25:5D:C7:84
    Timestamp : Jan 12 21:50:05.484 2021 GMT
    Extensions: none
    Signature : ecdsa-with-SHA256
                30:45:02:21:00:F9:BD:E1:8B:26:44:B2:23:30:27:24:
                8F:19:33:F1:6F:CC:EC:DB:58:95:32:2F:27:C2:BB:4E:
                CC:E0:C7:2F:6A:02:20:05:B4:2B:2C:94:8C:08:53:30:
                C4:D4:AC:6E:E5:ED:CA:59:DE:52:AD:51:16:B9:59:C4:
                9D:30:91:81:D0:28:13
Signed Certificate Timestamp:
    Version   : v1 (0x0)
    Log ID    : 22:45:45:07:59:55:24:56:96:3F:A1:2F:F1:F7:6D:86:
                E0:23:26:63:AD:C0:4B:7F:5D:C6:83:5C:6E:E2:0F:02
    Timestamp : Jan 12 21:50:05.617 2021 GMT
    Extensions: none
    Signature : ecdsa-with-SHA256
                30:46:02:21:00:F1:48:FE:E2:95:5E:F5:D6:92:A7:F5:
                66:8C:B3:55:4A:21:6D:B2:6B:7F:00:DB:93:9B:E1:FE:
                F9:36:96:4A:21:02:21:00:87:22:CC:5C:AF:84:8C:D7:
                BA:8F:0D:46:36:34:25:73:E8:B2:61:9B:91:4A:42:3F:
                09:0F:47:43:CC:FC:B4:2E 

As you can see, the "Signature Type: sha256WithRSAEncryption" field tells us that this "Twitter" certificate is a SHA-256 certificate.

 


2021-11-30