Double-click on the lock icon at the bottom of the browser. Search in the popup for the Certificate Signature Algorithm, or a similarly named field. If it has MD5 in the field, you've got a winner.
On Thu, Jan 1, 2009 at 4:38 PM, Ken Schaefer <[email protected]> wrote: > Hi, > > How do you determine what hash the CA is using for a particular certificate? > You can't do that just be looking at the CA's root cert. You need to look at > the actual cert presented by the web server or similar. > > However, if you can find a list of CAs somewhere (e.g. if someone's compiled > a list and stuck it up on the web) that shows what hash they do use, then you > could use that to selectively remove CA certs. Just be aware of unintended > consequences (e.g. if you have anything like a webservice that runs > unattended and can no longer connect due to cert trust issues) > > Cheers > Ken ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
