SHA-256 in SSL/TLS Certificates
How SHA-256 secures SSL/TLS certificates. Covers certificate signing, the migration from SHA-1, certificate chain validation, and how browsers verify certificate integrity.
Detailed Explanation
SHA-256 is the standard hash algorithm used in SSL/TLS certificate signatures. When a Certificate Authority (CA) signs a certificate, it hashes the certificate contents with SHA-256 and signs that hash with its private key. Browsers verify a certificate by computing the same SHA-256 hash over the certificate contents and checking the signature against that hash with the CA's public key.
How certificate signing works:
A certificate contains the domain name, public key, validity period, issuer information, and other fields encoded in ASN.1 DER format. The CA computes SHA-256 over this encoded data (the to-be-signed portion of the certificate), then signs the hash using RSA or ECDSA. The resulting signature is appended to the certificate. During the TLS handshake, the client (browser) extracts the certificate contents, independently computes the SHA-256 hash, and verifies the signature over that hash using the CA's public key; the certificate is accepted only if the signature checks out. (With RSA this check is often described as "decrypting" the signature and comparing the hashes; with ECDSA there is no decryption step, only a verification that succeeds or fails.)
The SHA-1 to SHA-256 migration:
Before 2016, most certificates used SHA-1. The industry-wide migration to SHA-256 was one of the largest coordinated security changes in internet history. The CA/Browser Forum set a deadline of January 1, 2016, for CAs to stop issuing SHA-1 certificates. Google Chrome began showing security warnings for SHA-1 certificates in Chrome 42 (2015) and blocked them entirely in Chrome 56 (2017). This migration affected millions of certificates and required website operators worldwide to reissue their certificates.
Certificate chain validation:
In a typical TLS connection, the server presents a chain: a leaf certificate (your domain) signed by an intermediate CA, which is in turn signed by a root CA. Each signature in the chain uses SHA-256. The browser verifies each link by hashing the subject certificate with SHA-256 and checking that certificate's signature with the public key of the issuing certificate above it. The root CA's certificate is trusted because it is pre-installed in the browser's or operating system's trust store, not because of any signature.
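The signing and chain-validation steps described above, as an added example written for this page (not code from any browser or CA): it builds a throwaway root, intermediate and leaf for the hypothetical hostname www.example.test using Go's standard library, repeats the SHA-256-then-verify step by hand on the DER-encoded tbsCertificate, and then runs the same path-building check a browser performs, with only the root trusted. All names, serial numbers and validity periods are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Chain holds the three certificates of a constructed toy PKI: root -> intermediate -> leaf.
type Chain struct {
	Root, Intermediate, Leaf *x509.Certificate
}

// makeCert signs tmpl with parentKey (the issuer's key); a nil parent means self-signed.
// All keys are P-256, so Go selects ECDSA with SHA-256 as the signature algorithm.
func makeCert(tmpl, parent *x509.Certificate, key, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildChain issues a root CA, an intermediate CA and a leaf for the hypothetical
// hostname "www.example.test". Key-generation errors are ignored for brevity;
// P-256 generation only fails if rand.Reader does.
func BuildChain() (*Chain, error) {
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	interKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	now := time.Now()
	caTmpl := func(serial int64, cn string) *x509.Certificate {
		return &x509.Certificate{
			SerialNumber:          big.NewInt(serial),
			Subject:               pkix.Name{CommonName: cn},
			NotBefore:             now.Add(-time.Hour),
			NotAfter:              now.Add(24 * time.Hour),
			IsCA:                  true,
			BasicConstraintsValid: true,
			KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		}
	}
	root, err := makeCert(caTmpl(1, "Example Root CA"), nil, rootKey, nil)
	if err != nil {
		return nil, err
	}
	inter, err := makeCert(caTmpl(2, "Example Intermediate CA"), root, interKey, rootKey)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3),
		Subject:      pkix.Name{CommonName: "www.example.test"},
		DNSNames:     []string{"www.example.test"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf, err := makeCert(leafTmpl, inter, leafKey, interKey)
	if err != nil {
		return nil, err
	}
	return &Chain{Root: root, Intermediate: inter, Leaf: leaf}, nil
}

// VerifySignatureManually repeats what the library does inside Verify: hash the
// DER-encoded tbsCertificate with SHA-256 and check the ECDSA signature with the
// issuer's public key. Nothing is decrypted; ECDSA only verifies.
func VerifySignatureManually(subject, issuer *x509.Certificate) bool {
	digest := sha256.Sum256(subject.RawTBSCertificate)
	pub, ok := issuer.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return false
	}
	return ecdsa.VerifyASN1(pub, digest[:], subject.Signature)
}

// VerifyChain does what a browser does: trust only the root, take the intermediate
// from the server's chain, and check the leaf for the requested hostname.
func VerifyChain(c *Chain, hostname string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(c.Root)
	inters.AddCert(c.Intermediate)
	_, err := c.Leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: hostname})
	return err
}

func main() {
	c, err := BuildChain()
	if err != nil {
		panic(err)
	}
	fmt.Println("leaf signature algorithm:", c.Leaf.SignatureAlgorithm)
	fmt.Println("leaf<-intermediate, intermediate<-root, leaf<-root(wrong issuer):",
		VerifySignatureManually(c.Leaf, c.Intermediate), VerifySignatureManually(c.Intermediate, c.Root), VerifySignatureManually(c.Leaf, c.Root))
	fmt.Println("chain ok for www.example.test / other.example.test:",
		VerifyChain(c, "www.example.test") == nil, VerifyChain(c, "other.example.test") == nil)
}
```

The manual check deliberately fails when the leaf is tested against the root's key: the hash is the same, but the signature was made by the intermediate, which is exactly why a browser must walk the chain link by link rather than hashing the leaf alone. The hostname mismatch case shows that a valid chain is necessary but not sufficient; the name in the leaf must also match the site being visited.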
Certificate transparency:
Modern certificate security includes Certificate Transparency (CT) logs, which use Merkle tree structures built with SHA-256 to create an append-only, publicly auditable record of all issued certificates. This allows domain owners to detect misissued certificates. Chrome requires all certificates to be logged in CT logs, adding another layer of SHA-256-based integrity verification.
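The Merkle tree construction CT logs use is specified in RFC 6962: leaves are hashed as SHA-256(0x00 || entry), internal nodes as SHA-256(0x01 || left || right), and a tree of n leaves splits at the largest power of two below n so that earlier subtrees never change as the log grows. The following is an added example written for this page, not code from any CT log or client; the "entries" are constructed byte strings standing in for certificate records, and the functions implement the tree hash, an inclusion (audit) proof, and the verification a domain owner or monitor would run against a root the log has signed.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// LeafHash is RFC 6962's leaf hash: SHA-256(0x00 || entry). The domain-separation
// byte prevents an internal node from being passed off as a leaf (or vice versa).
func LeafHash(entry []byte) []byte {
	h := sha256.New()
	h.Write([]byte{0x00})
	h.Write(entry)
	return h.Sum(nil)
}

// NodeHash is RFC 6962's internal node hash: SHA-256(0x01 || left || right).
func NodeHash(left, right []byte) []byte {
	h := sha256.New()
	h.Write([]byte{0x01})
	h.Write(left)
	h.Write(right)
	return h.Sum(nil)
}

// largestPowerOfTwoBelow returns the largest k = 2^i with k < n (n >= 2); this is
// the split point that keeps older subtrees stable as an append-only log grows.
func largestPowerOfTwoBelow(n int) int {
	k := 1
	for k*2 < n {
		k *= 2
	}
	return k
}

// RootHash computes the Merkle Tree Hash over entries (RFC 6962 section 2.1).
func RootHash(entries [][]byte) []byte {
	switch len(entries) {
	case 0:
		return sha256.New().Sum(nil) // the empty tree hashes to SHA-256("")
	case 1:
		return LeafHash(entries[0])
	}
	k := largestPowerOfTwoBelow(len(entries))
	return NodeHash(RootHash(entries[:k]), RootHash(entries[k:]))
}

// InclusionProof returns the audit path for entries[index]: the sibling hashes a
// verifier needs, ordered from the leaf upward (RFC 6962 section 2.1.1).
func InclusionProof(entries [][]byte, index int) [][]byte {
	if len(entries) <= 1 {
		return nil
	}
	k := largestPowerOfTwoBelow(len(entries))
	if index < k {
		return append(InclusionProof(entries[:k], index), RootHash(entries[k:]))
	}
	return append(InclusionProof(entries[k:], index-k), RootHash(entries[:k]))
}

// recompute rebuilds the root from a leaf hash and its audit path, consuming the
// path from the top (last element) down so the split points mirror RootHash.
func recompute(leafHash []byte, index, size int, proof [][]byte) []byte {
	if size == 1 {
		if len(proof) != 0 {
			return nil
		}
		return leafHash
	}
	if len(proof) == 0 {
		return nil
	}
	sibling, rest := proof[len(proof)-1], proof[:len(proof)-1]
	k := largestPowerOfTwoBelow(size)
	if index < k {
		if left := recompute(leafHash, index, k, rest); left != nil {
			return NodeHash(left, sibling)
		}
		return nil
	}
	if right := recompute(leafHash, index-k, size-k, rest); right != nil {
		return NodeHash(sibling, right)
	}
	return nil
}

// VerifyInclusion reports whether entry sits at index in a tree of the given size
// whose signed root is root, using only the audit path supplied by the log.
func VerifyInclusion(entry []byte, index, size int, proof [][]byte, root []byte) bool {
	got := recompute(LeafHash(entry), index, size, proof)
	return got != nil && bytes.Equal(got, root)
}

func main() {
	// Constructed stand-ins for logged certificate entries.
	entries := [][]byte{[]byte("cert-0"), []byte("cert-1"), []byte("cert-2"), []byte("cert-3"), []byte("cert-4")}
	root := RootHash(entries)
	fmt.Println("tree head:", hex.EncodeToString(root))
	proof := InclusionProof(entries, 1)
	fmt.Println("entry 1 included:", VerifyInclusion(entries[1], 1, len(entries), proof, root))
	fmt.Println("tampered entry included:", VerifyInclusion([]byte("cert-x"), 1, len(entries), proof, root))
}
```

A monitor holding only a signed tree head and an audit path of about log2(n) hashes can confirm that a specific certificate is in the log without downloading it; any change to the entry, its position, or a sibling hash changes the recomputed root and the check fails.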
Use Case
SHA-256 underpins the trust model of the entire web, securing billions of daily HTTPS connections through certificate signatures verified by browsers worldwide.