What is the Difference Between SHA-2 and SHA-2-Full-Chain

While you’re generating your SSL/TLS Certificate you may see an option to select a from 2 different hashing algorithms. You’re given a choice between SHA-2 and FULL SHA-2. SHA-2 is also sometimes referred to as SHA-256. But what’s the difference, and which one should you select?

What are Hashing Algorithms?

SHA stands for Secure Hashing Algorithm. In the world of SSL Hashing Algorithms, also called Hash Functions, are mathematical functions that condense data to a fixed size. These Hashing Algorithms are basically the language used to build the encryption of your SSL Certificate. There are many of these language, and some have been improved upon and phased out over the years. SHA 1 used to be industry standard, but has now been phased out and SHA 2 is used instead. SHA 2 is now recognized by most environments and devices, and only antiquated, older systems will recognize SHA 1.

What is SHA-2?

Choosing SHA-2 will issue a certificate using SHA-256 that comes chained to a SHA-256 intermediate. The intermediate will then chain back to a SHA-1 root. While SHA-1 is now outmoded for public facing certificates, having a SHA-1 root has no negative impact on security. That is due to the fact that root certificates are used for identity purposes—not encryption.

For maximum compatibility with client devices we recommend selecting this option.


What is FULL SHA-2?

Selecting FULL SHA-2 will issue a certificate that chains to both an intermediate and a root that also use SHA-256 hashing algorithm. Over the next several years all certificates will migrate to SHA-2 root certificates. In the meantime, anyone expecting your certificate will see that it is a full SHA-256 chain.

While SHA-256 root certificates are present in all current browsers, some of users on older browsers may not be able to access sites with FULL-SHA-2.


If you have any questions, or need help with any part of the generation process, you can reach out to our support team 24/7/365.

  • 0 Users Found This Useful
     Was this answer helpful?

Related Articles

 Multi-Domain Wildcard Certificates

If you are looking to secure multiple wildcard domains, but want to keep them all under one certificate, look no further than the Multi-Domain Wildcard SSL certificates. Offered by all major Certificate Authorities, these SSL Certificates are a...

 Troubleshooting Insecure Content

One of the most common issues site owners run into when installing and SSL certificate and migrating to HTTPS is Insecure Content. This error is produced when content on a secure website is being loaded through a non-secure source. An example...

 Understanding Hash Functions

Maybe now you’ll finally understand the name of our blog Hashing is simply the practice of using an algorithm to map data of any length to a fixed-length output. It’s useful in a number of ways and plays a role in several different types of...

 Elliptic Curve Cryptography (ECC) Certificates

Cryptography, the science of encrypting data and information, is the backbone of SSL. Every time you visit a website that is secured by an SSL certificate, your computer works with that website’s server to encrypt and then decipher all data sent...

 How to Create a .pem File for SSL Certificate Installations

.pem SSL Creation Guide SSL .pem files (concatenated certificate container files), are frequently required for certificate installations when multiple certificates are being imported as one file. This article contains multiple sets of...

Powered by WHMCompleteSolution