SHA3 Certificates

Is anyone familiar with where to get certificates for SHA3?

The answer to your question is probably: nowhere.

As far as I can tell, only SHA-2 (SHA-256/SHA-384/SHA-512) is allowed according to the CA/Browser Forum Baseline Requirements. See sections and for the details.


Hi @jay_vandervoort and welcome to the LE community forum :slight_smile:

@Osiris, Not even via openssl or smallstep or some other non global CA system?

Here the term "get" can also be read as "make"

I don't read globally trusted in the question.

@jay_vandervoort must the cert be globally trusted?

1 Like

I interpreted it as "get a cert from a publicly trusted CA".

Also, OpenSSL can perfectly generate SHA3 certs:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -sha3-256 -keyout sha3test-privkey.pem -out sha3test-cert.pem

Just use any of the possible -sha3-* digest options. See openssl dgst -list | grep sha3 for all options on your system.


Although it may seem implied, I try to keep to what is written.

That was my first "go to".

1 Like

I try to read anything ambiguous in the context/purpose of this Community, which is mainly about publicly trusted certificates to enable HTTPS for all websites on the (public) world wide web.

Also, the thread is opened in #issuance-policy :wink:


Thank you for the welcome and incredibly fast response. I have experience in OpenSSL and do appreciate the suggestion, however, we're looking for certificates provided by a CA. It does seem like there's nothing available and appreciate the feedback and additional insights.


I would welcome SHA3 with open arms; And I'm also waiting for OpenSSL v2.0
But I don't think :santa: will be putting either under my :christmas_tree: this year.
[maybe next year will yield more of these types of advances :crossed_fingers:]

Cheers from Miami :beers:

#FreeCUBA :cuba:

FYI [to all]:
Last modified 20th December 2017

1 Like

there is no openssl v2.0. they skipped it.

After 1.1.1 they released openssl 3.0 a few weeks ago.


I lack sleep - LOL
:santa: came early this year!


While new options wouldn't hurt I think, the current industry standpoint seems to be that it's not necessary (which is debatable). Keccak (SHA-3) is a great algorithm, however because there are currently no significant weaknesses* known for the SHA-2 family (there are some - let's say suboptimal - things in SHA-2 though). Hence the current view is that SHA-3 "is not meant to replace SHA-2" (from Wikipedia). It's more of a "have this thing in the toolset in case of emergency" case. The current state is that many current protocols (e.g TLSv1.3 or SSH-2) do not implement SHA-3 and/or have no immediate plans to implement them either, even though SHA-3 has been around for a while now. There's just no(t enough) pressure to do anything right now.

*This is debatable, as it depends on your classification of "significant weakness".

However, because of slow migration from SHA-1 to SHA-2 in the past, I think having more widespread support for SHA-3 would ease up a switch, if/when a migration from SHA-2 to Keccak becomes necessary. But I think before you can talk about this with the BR people, you need library, protocol and hardware support first. OpenSSL already has SHA-3, but there's much more than just OpenSSL out there.

SHA-3 also isn't that fast in software, so hardware support would be a really cool thing. But it takes a lot of time until that hardware reaches most consumers (or datacenters). I don't even have SHA(-2) extensions in my current CPU :disappointed_relieved:.