Convert sha384 to sha256

ravi2432 · March 3, 2017, 6:15pm

How I convert sha384 to sha256. Please help me.

mnordhoff · March 3, 2017, 6:24pm

What do you mean?

What are you trying to do? What software are you using?

Why do you want to do it?

ravi2432 · March 3, 2017, 6:46pm

I received SSL certificate sha384 , but server asking for me sha256 certificate. So I want to change the encryption. Please let me know how I do this.
Thanks

Osiris · March 3, 2017, 6:50pm

Let’s Encrypt signs its certificates with sha256WithRSAEncryption. Not with sha384.

In any case, you can’t change the signature algorithm of a certificate yourself directly: the signing is of course done by the Certificate Authority which has issued the certificate. At most there could be some kind of setting when you requested the certificate to choose the signature algorithm.

ravi2432 · March 3, 2017, 6:58pm

Can you check its 256 or 384 on my sites.
Ovelo.fr
Dev.ovelo.fr

schoen · March 3, 2017, 7:06pm

Hi @ravi2432,

You might be confusing the hash algorithm used for signing in the digital certificate with the hash algorithm used for signing in the negotiated TLS session.

The signing algorithm in the certificate issued to you by Let’s Encrypt is sha256WithRSAEncryption.

The protocol suite offered by your server afterward is ECDHE-RSA-AES256-GCM-SHA384.

These are two different and independent things. Let’s Encrypt only has control over the first one, and used SHA256.

Only the server administrator of your server (probably you?) has control over the second one. It is controlled by your ciphersuite settings in your web server configuration.

It can be any of these

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

but we suggest using this tool

https://mozilla.github.io/server-side-tls/ssl-config-generator/

to generate configuration settings for web servers based on your preferences about security and compatibility. That includes the algorithms that are allowed to be used in the ciphersuite.

To summarize, it’s your own web server that has chosen to suggest the use of SHA384, not your Let’s Encrypt certificate.

ravi2432 · March 3, 2017, 7:06pm

I see its sha256.

ravi2432 · March 3, 2017, 7:15pm

Actly I Dont have knowledge about this. Let me discuss with my server guy. And back to you if I have any query or issue.

Thanks

Osiris · March 3, 2017, 7:39pm

That's the fingerprints hashing algorithm, not the hash algorithm used in the signature.

In the "Details" tab you can find the signature algorithm used:

system · April 2, 2017, 7:39pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Support for SHA384 and SHA512 Hashing Algorithms Issuance Tech	4	4015	January 8, 2023
Is it possible?	5	6733	April 30, 2016
Problem with Signature Algorithm Help	7	2209	August 10, 2023
Signature Algorithm with SHA256ECDSA Feature Requests	13	9731	April 9, 2017
"ecdsa-with-SHA384" algorithm is not supported Help	7	588	August 23, 2024

Convert sha384 to sha256

Related topics