How To Check If Your SSL Cert Is SHA 1

SHA 1 has been known to have many weaknesses for over 10 years and it’s not at the point where it is possible to crack it if you have the resources. As of 2016, websites using SHA1 SSL certs will be penalized.

Check your certificate with this tool.

As of January 1, 2016, no publicly trusted CA is allowed to issue a SHA-1 certificate. So any new certificate you get should automatically use a SHA-2 algorithm for its signature.

However, existing SHA-1 certificates are still trusted by modern browsers and operating systems. Generally, they will be removing support for SHA-1 entirely by January 1, 2017.

Legacy clients will continue to accept SHA-1 certificates, and it is possible to have requested a certificate on December 31, 2015 valid for 39 months. So, it is possible to see SHA-1 certificates in the wild that expire in 2019.