What is the Difference Between SHA-2 and SHA-2-Full-Chain

While you’re generating your SSL/TLS Certificate, you may see an option to select from two different hashing algorithms. You’re given a choice between SHA-2 and FULL SHA-2. SHA-2 is also sometimes referred to as SHA-256. But what’s the difference, and which one should you select?

What are Hashing Algorithms?

SHA stands for Secure Hashing Algorithm. In the world of SSL, Hashing Algorithms, also called Hash Functions, are mathematical functions that condense data to a fixed size. These Hashing Algorithms are basically the language used to build the encryption of your SSL Certificate. There are many of these languages, and some have been improved upon and phased out over the years. SHA-1 used to be the industry standard, but has now been phased out and SHA-2 is used instead. SHA-2 is now recognized by most environments and devices, and only antiquated, older systems will recognize SHA-1.

What is SHA-2?

Choosing SHA-2 will issue a certificate using SHA-256 that comes chained to a SHA-256 intermediate. The intermediate will then chain back to a SHA-1 root. While SHA-1 is now outmoded for public-facing certificates, having a SHA-1 root has no negative impact on security. That is because root certificates are used for identity purposes, not encryption.

For maximum compatibility with client devices we recommend selecting this option.


What is FULL SHA-2?

Selecting FULL SHA-2 will issue a certificate that chains to both an intermediate and a root that also use the SHA-256 hashing algorithm. Over the next several years all certificates will migrate to SHA-2 root certificates. In the meantime, anyone inspecting your certificate will see that it is a full SHA-256 chain.

While SHA-256 root certificates are present in all current browsers, some users on older browsers may not be able to access sites with FULL SHA-2.
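To check which of the two chain types a bundle actually is, read the signature algorithm from each certificate in it. The following is an added example, not part of the original article or any vendor's tooling: the function names are illustrative, the bundle is assumed to be ordered leaf, intermediate(s), root, and the sample inputs are constructed skeletons rather than real certificates.

```python
import base64, re

SIG_HASH = {  # outer signatureAlgorithm OID -> hash it uses
    "1.2.840.113549.1.1.5": "SHA-1",     # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": "SHA-256",  # sha256WithRSAEncryption
    "1.2.840.10045.4.3.2": "SHA-256",    # ecdsa-with-SHA256
}

def tlv(buf, pos):
    """Read the DER element at pos; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def oid(content):
    """Dotted form of OBJECT IDENTIFIER content bytes (first arc 0 or 1 only)."""
    arcs, val = [content[0] // 40, content[0] % 40], 0
    for byte in content[1:]:
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def sig_hash(der):
    """Hash used in the signature on one DER-encoded certificate."""
    start, _ = tlv(der, 0)            # Certificate ::= SEQUENCE {
    _, tbs_end = tlv(der, start)      #   tbsCertificate (skipped)
    alg_start, _ = tlv(der, tbs_end)  #   signatureAlgorithm SEQUENCE
    dotted = oid(der[slice(*tlv(der, alg_start))])  # its first element is the OID
    return SIG_HASH.get(dotted, "other " + dotted)

def classify(pem_bundle):
    """Label a PEM bundle ordered leaf, intermediate(s), root in the article's terms."""
    bodies = re.findall(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_bundle, re.S)
    hashes = [sig_hash(base64.b64decode(b)) for b in bodies]
    if len(hashes) < 2 or any(h != "SHA-256" for h in hashes[:-1]):
        return "neither", hashes
    return {"SHA-256": "FULL SHA-2", "SHA-1": "SHA-2"}.get(hashes[-1], "neither"), hashes

def skeleton(last_oid_byte):
    """Constructed sample, not a real certificate: empty tbsCertificate and signature."""
    der = bytes.fromhex("30143000300d06092a864886f70d0101%02x0500030100" % last_oid_byte)
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()

if __name__ == "__main__":
    print(classify(skeleton(0x0B) * 2 + skeleton(0x05)), classify(skeleton(0x0B) * 3))
```

For a real chain, pass `classify` the text of a PEM bundle that includes the root; servers normally send only the leaf and intermediates, so the root has to be appended from the trust store first.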


If you have any questions, or need help with any part of the generation process, you can reach out to our support team 24/7/365.
