How to Test Whether a Website SSL Certificate Uses SHA-1, and How to Fix It
SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function that produces a 160-bit hash value, and it is considered weak.
It is quite interesting to note that as of May 2014, 93% of websites on the Internet were still affected by SHA-1.
Google has started gradually sunsetting SHA-1: Chrome version 39 and later will show a visual security warning on websites whose SHA-1 SSL certificate is valid beyond 1 January 2016.
Well, that is how web security evolves, and one of the challenging tasks for a web security administrator is to keep one's knowledge up to date and act wisely on security vulnerabilities to secure web applications.
In this article, I will explain how to check for the SHA-1 weakness and how you can fix it.
Test SSL SHA-1 bug
One of the quickest ways to test whether your website's SSL certificate is signed with SHA-1 is to open the following URL, enter your website's URL and click Go.
If the certificate is signed with SHA-1, you will see the following warning; otherwise you will get a reassuring message.
The following resources can also help you check for SHA-1.
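The same check can be done locally, without an online scanner, by reading the signatureAlgorithm field of the certificate itself. The following is an added example, not code from the original article: a small DER parser that extracts the outer signatureAlgorithm OID of an X.509 certificate and flags MD5- and SHA-1-based schemes. The function names (read_tlv, decode_oid, signature_algorithm, is_weak, check_pem, constructed_cert) are my own, and the certificates it inspects are constructed stand-ins that the block builds itself, not real certificates.

```python
"""Check which signature algorithm an X.509 certificate was signed with.

A DER certificate is  SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue };
the second element is an AlgorithmIdentifier whose OID names the hash+signature scheme.
"""
import ssl

# Signature-algorithm OIDs from RFC 3279, RFC 4055 and RFC 5758.
SIG_ALG_NAMES = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
}
WEAK_DIGESTS = ("md5", "sha1")


def read_tlv(buf, pos):
    """Read one DER tag-length-value starting at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(contents):
    """Decode OBJECT IDENTIFIER contents (without tag/length) to dotted notation."""
    arcs = [contents[0] // 40, contents[0] % 40]
    acc = 0
    for b in contents[1:]:                  # base-128, high bit set on all but the last byte
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm(der_cert):
    """Return (dotted OID, name) of the certificate's outer signatureAlgorithm."""
    _, body, _ = read_tlv(der_cert, 0)      # Certificate ::= SEQUENCE {
    _, _, pos = read_tlv(body, 0)           #   tbsCertificate   -- skipped
    _, alg_id, _ = read_tlv(body, pos)      #   signatureAlgorithm AlgorithmIdentifier
    tag, oid, _ = read_tlv(alg_id, 0)       #     algorithm OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not begin with an OID")
    dotted = decode_oid(oid)
    return dotted, SIG_ALG_NAMES.get(dotted, "unknown")


def is_weak(der_cert):
    """True when the certificate is signed with an MD5- or SHA-1-based scheme."""
    _, name = signature_algorithm(der_cert)
    return any(d in name.lower() for d in WEAK_DIGESTS)


def check_pem(pem_text):
    """Convenience wrapper for a PEM certificate, e.g. one exported from a browser."""
    return is_weak(ssl.PEM_cert_to_DER_cert(pem_text))


# --- Constructed sample input: a minimal DER encoder to build stand-in certificates ---

def der(tag, payload):
    """Encode one TLV; lengths up to 65535 are enough for these samples."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + payload


def encode_oid(dotted):
    """Inverse of decode_oid, returning the complete OID TLV."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, (arc & 0x7F) | 0x80)
            arc >>= 7
        out.extend(chunk)
    return der(0x06, bytes(out))


def constructed_cert(sig_oid):
    """Stand-in certificate (constructed, not real): a placeholder tbsCertificate,
    a genuine AlgorithmIdentifier for sig_oid, and a dummy BIT STRING signature."""
    tbs = der(0x30, der(0x04, b"constructed tbsCertificate placeholder"))
    alg = der(0x30, encode_oid(sig_oid) + der(0x05, b""))   # { algorithm, NULL params }
    sig = der(0x03, b"\x00" + b"\x00" * 16)                 # 0 unused bits + dummy signature
    return der(0x30, tbs + alg + sig)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.5", "1.2.840.113549.1.1.11"):
        cert = constructed_cert(oid)
        print(signature_algorithm(cert), "WEAK" if is_weak(cert) else "ok")
```

To test a live site, export the server certificate as PEM and pass it to check_pem, and do the same for every intermediate the server sends: the Chrome warning applies to any SHA-1 signature in the served chain, while a root's self-signature does not count because browsers trust roots by identity rather than by signature.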
Fix SSL SHA-1 bug
Fixing SHA-1 means getting your SSL certificate signed with SHA-2.
Some SSL certificate providers can supply a SHA-2-signed certificate directly; in most cases, however, you will need to get a new SSL certificate signed and install it.
To get a SHA-2 certificate using OpenSSL, generate the certificate signing request with SHA-256:
openssl req -new -sha256 -key example.key -out example.csr
You may also generate the certificate online at the following:
I hope you now know whether your website's SSL certificate is signed with SHA-1 and understand the procedure to fix it.