migrated from security.stackexchange.com Apr 28 at 13:34
CSR hash and cert hash not related
The hash type on the request and on the actual certificate are not related to one another.
The CA checks the signature on the CSR. That way, the CA can verify that the CSR was not changed in transit. That's all the signature on the CSR does.
There is no official (or even semi-official) in-band way of telling a CA what hash you want. Instead a CA company may run multiple CAs, one of which exclusively uses SHA256. And if you want SHA256, then you submit your CSR on the website of that one specific SHA256-only-CA. (And not on their SHA1-CA's website.)
What is often theorised is something like this: "If I submit a CSR signed with
SHA1, then my cert will be signed with SHA1." -- And that's not done anywhere, as far as a I know. (I'm happy to be told otherwise. Let me know what companies do this. Give me a link.) You have to EXPLICITLY tell your CA what you want.
But it's good to let go of SHA1 anyway
That being said, it's still a good idea to not use SHA1 anymore if you can avoid it. So, even if your CA won't care about the hash on your CSR, it's still a good idea to use SHA256 as in this example:
openssl req -new -newkey rsa:2048 -nodes -sha256 -out www.example.com.sha256.csr -keyout www.example.com.key -subj "/C=US/ST=ExampleState/L=ExampleLocation/O=ExampleOrganisation/CN=www.example.com"
And this is how you find out the hash type of your CSR:
Good. It's using SHA256 just like we wanted.