Determine if certificate signing request was made using SHA1 algorithm or SHA2 algorithm

Question

We're trying to create a code signing certificate for signing a Java applet. We're asked to supply a CSR and indicate if it was made using SHA1 or SHA2. How can you determine this?

We used the keytool command. This was the command used to generate the CSR, but nowhere did we specify whether it was SHA1 or SHA2. What is the default setting for keytool in generating CSRs?

C:\CM\WEB-INF>keytool -certreq -keyalg RSA -alias code_signing_private -file c
ode_signing.csr -keystore code_signing.keystore

Answer 1

We found the answer here: http://docs.oracle.com/javase/7/docs/technotes/tools/solaris/keytool.html. By default, keytool uses SHA256withRSA given the RSA value for the keyalg option.

To force SHA1, we used sigalg option with SHA1WithRSA.