Convert sha384 to sha256


#1

How I convert sha384 to sha256. Please help me.


#2

What do you mean?

What are you trying to do? What software are you using?

Why do you want to do it?


#3

I received SSL certificate sha384 , but server asking for me sha256 certificate. So I want to change the encryption. Please let me know how I do this.
Thanks


#4

Let’s Encrypt signs its certificates with sha256WithRSAEncryption. Not with sha384.

In any case, you can’t change the signature algorithm of a certificate yourself directly: the signing is of course done by the Certificate Authority which has issued the certificate. At most there could be some kind of setting when you requested the certificate to choose the signature algorithm.


#5

Can you check its 256 or 384 on my sites.
Ovelo.fr
Dev.ovelo.fr


#6

Hi @ravi2432,

You might be confusing the hash algorithm used for signing in the digital certificate with the hash algorithm used for signing in the negotiated TLS session.

The signing algorithm in the certificate issued to you by Let’s Encrypt is sha256WithRSAEncryption.

The protocol suite offered by your server afterward is ECDHE-RSA-AES256-GCM-SHA384.

These are two different and independent things. Let’s Encrypt only has control over the first one, and used SHA256.

Only the server administrator of your server (probably you?) has control over the second one. It is controlled by your ciphersuite settings in your web server configuration.

It can be any of these

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

but we suggest using this tool

https://mozilla.github.io/server-side-tls/ssl-config-generator/

to generate configuration settings for web servers based on your preferences about security and compatibility. That includes the algorithms that are allowed to be used in the ciphersuite.

To summarize, it’s your own web server that has chosen to suggest the use of SHA384, not your Let’s Encrypt certificate.


#7

I see its sha256.


#8

Actly I Dont have knowledge about this. Let me discuss with my server guy. And back to you if I have any query or issue.

Thanks


#9

That’s the fingerprints hashing algorithm, not the hash algorithm used in the signature. :slight_smile:

In the “Details” tab you can find the signature algorithm used:


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.