Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (71)
EC Keys (2051)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (5947)
Revoked Certificates (16)
Root CA (85)
RSA Keys (4864)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
What Is SHA-256 Certificate
What is SHA-256 (Secure Hash Algorithm 2 - 256 bits) Certificate?
✍: FYIcenter.com
SHASHA-256 (Secure Hash Algorithm 2 - 256 bits) Certificate is
a X.509 certificate that uses SHA-1 hash function to generate the hash
of the public key provided by the certificate subject.
Here is an example of a SHA-1 certificate:
fyicenter$ openssl x509 -in GlobalSign.pem -text -noout Certificate: Data: Version: 3 (0x2) Serial Number: 04:00:00:00:00:01:0f:86:26:e6:0d Signature Algorithm: sha1WithRSAEncryption Issuer: OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign Validity Not Before: Dec 15 08:00:00 2006 GMT Not After : Dec 15 08:00:00 2021 GMT Subject: OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a6:cf:24:0e:be:2e:6f:28:99:45:42:c4:ab:3e: 21:54:9b:0b:d3:7f:84:70:fa:12:b3:cb:bf:87:5f: c6:7f:86:d3:b2:30:5c:d6:fd:ad:f1:7b:dc:e5:f8: 60:96:09:92:10:f5:d0:53:de:fb:7b:7e:73:88:ac: 52:88:7b:4a:a6:ca:49:a6:5e:a8:a7:8c:5a:11:bc: 7a:82:eb:be:8c:e9:b3:ac:96:25:07:97:4a:99:2a: 07:2f:b4:1e:77:bf:8a:0f:b5:02:7c:1b:96:b8:c5: b9:3a:2c:bc:d6:12:b9:eb:59:7d:e2:d0:06:86:5f: 5e:49:6a:b5:39:5e:88:34:ec:bc:78:0c:08:98:84: 6c:a8:cd:4b:b4:a0:7d:0c:79:4d:f0:b8:2d:cb:21: ca:d5:6c:5b:7d:e1:a0:29:84:a1:f9:d3:94:49:cb: 24:62:91:20:bc:dd:0b:d5:d9:cc:f9:ea:27:0a:2b: 73:91:c6:9d:1b:ac:c8:cb:e8:e0:a0:f4:2f:90:8b: 4d:fb:b0:36:1b:f6:19:7a:85:e0:6d:f2:61:13:88: 5c:9f:e0:93:0a:51:97:8a:5a:ce:af:ab:d5:f7:aa: 09:aa:60:bd:dc:d9:5f:df:72:a9:60:13:5e:00:01: c9:4a:fa:3f:a4:ea:07:03:21:02:8e:82:ca:03:c2: 9b:8f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 9B:E2:07:57:67:1C:1E:C0:6A:06:DE:59:B4:9A:2D:DF:DC:19:86:2E X509v3 CRL Distribution Points: Full Name: URI:http://crl.globalsign.net/root-r2.crl X509v3 Authority Key Identifier: keyid:9B:E2:07:57:67:1C:1E:C0:6A:06:DE:59:B4:9A:2D:DF:DC:19:86:2E Signature Algorithm: sha1WithRSAEncryption 99:81:53:87:1c:68:97:86:91:ec:e0:4a:b8:44:0b:ab:81:ac: 27:4f:d6:c1:b8:1c:43:78:b3:0c:9a:fc:ea:2c:3c:6e:61:1b: 4d:4b:29:f5:9f:05:1d:26:c1:b8:e9:83:00:62:45:b6:a9:08: 93:b9:a9:33:4b:18:9a:c2:f8:87:88:4e:db:dd:71:34:1a:c1: 54:da:46:3f:e0:d3:2a:ab:6d:54:22:f5:3a:62:cd:20:6f:ba: 29:89:d7:dd:91:ee:d3:5c:a2:3e:a1:5b:41:f5:df:e5:64:43: 2d:e9:d5:39:ab:d2:a2:df:b7:8b:d0:c0:80:19:1c:45:c0:2d: 8c:e8:f8:2d:a4:74:56:49:c5:05:b5:4f:15:de:6e:44:78:39: 87:a8:7e:bb:f3:79:18:91:bb:f4:6f:9d:c1:f0:8c:35:8c:5d: 01:fb:c3:6d:b9:ef:44:6d:79:46:31:7e:0a:fe:a9:82:c1:ff: ef:ab:6e:20:c4:50:c9:5f:9d:4d:9b:17:8c:0c:e5:01:c9:a0: 41:6a:73:53:fa:a5:50:b4:6e:25:0f:fb:4c:18:f4:fd:52:d9: 8e:69:b1:e8:11:0f:de:88:d8:fb:1d:49:f7:aa:de:95:cf:20: 78:c2:60:12:db:25:40:8c:6a:fc:7e:42:38:40:64:12:f7:9e: 81:e1:93:2e
As you can see, the "Signature Algorithm: sha1WithRSAEncryption" field tells us that this "GlobalSign Root CA - R2" root CA certificate is a SHA-1 certificate. It is considered as not secure.
2021-11-30, 418👍, 0💬
Popular Posts:
Certificate Summary: Subject: DigiCert TLS RSA SHA256 2020 CA1 Issuer: DigiCert Global Root CA Expir...
Certificate Summary: Subject: login.live.com Issuer: VeriSign Class 3 Extended Validation SSL CA Exp...
Certificate summary - Owner: acquia-sites.com, Acquia Hosting, "Acquia, Inc.", L=Burlington, ST=Mass...
Certificate Summary: Subject: Baltimore CyberTrust Code Signing Root Issuer: Baltimore CyberTrust Co...
Certificate summary - Owner: YandexExternalCA, Dld, Dyandex, Dru Issuer: GTE CyberTrust Global Root,...