Security guide

Verify OpenSSL downloads on Windows

Always verify the SHA256 hash of the installer before running it. Two methods: certutil in Command Prompt (built into Windows) and PowerShell Get-FileHash.

If the hash does not match the value on slprowex.com — delete the file, re-download, and check again. Do not run an installer with a mismatched hash.
Method 1 — recommended

certutil — Command Prompt

Built into all Windows versions. No installation required.

  • 1

    Open Command Prompt

    Press Win+R, type cmd, press Enter.

  • 2

    Navigate to your Downloads folder

    cmd.exe
    C:\> cd %USERPROFILE%\Downloads
  • 3

    Run certutil

    cmd.exe
    C:\Downloads> certutil -hashfile Win64OpenSSL_Light-4_0_0.exe SHA256
    SHA256 hash of Win64OpenSSL_Light-4_0_0.exe:
    a3f8c2d19b74e501f2c8d3ab1e...
    CertUtil: -hashfile command completed successfully.
  • 4

    Compare to published hash

    Go to slprowex.com and find the SHA256 for your installer. Every character must match exactly.

Method 2

PowerShell — Get-FileHash

Available on Windows 10 and 11. Outputs a clean uppercase hash that is easy to copy and compare.

PowerShell
PS C:\> cd "$env:USERPROFILE\Downloads"
PS C:\Downloads> Get-FileHash -Algorithm SHA256 -Path .\Win64OpenSSL_Light-4_0_0.exe
Algorithm Hash Path
--------- ---- ----
SHA256 A3F8C2D19B74E501F2C8D3AB1E... .\Win64...

Copy the Hash value and compare it to slprowex.com. PowerShell outputs uppercase — comparison is case-insensitive.

Optional

Check the digital signature

  • 1

    Right-click installer → Properties

    In File Explorer, right-click the installer and choose Properties.

  • 2

    Open Digital Signatures tab

    Select a signature → Details. Check that the certificate status shows This digital signature is OK.

  • 3

    PowerShell alternative

    PowerShell
    PS> Get-AuthenticodeSignature .\Win64OpenSSL_Light-4_0_0.exe | Select-Object Status, SignerCertificate
    Status : Valid
    SignerCertificate : ...
Troubleshooting

Common questions

Where do I find the official hash?
On the vendor page at slprowex.com. Look for the SHA256 or MD5 value listed next to your installer download link.
Do I need admin rights to check the hash?
No. Both certutil and Get-FileHash work in a normal user session without elevation.
The hash doesn't match — what should I do?
Delete the downloaded file immediately. Do not run it. Re-download from the official vendor URL and verify again. If it still does not match, the source may be compromised.
Is SHA256 enough or should I use SHA512?
SHA256 is sufficient for installer verification. Use whatever algorithm the vendor publishes. Both are collision-resistant for this use case.

Hash verified? Ready to install.

Follow the full install and PATH setup guides.

Win64 Prebuilt →

Related guides

Win64 Prebuilt →
download page
Add to PATH →
after installing
Fix libcrypto.dll →
DLL errors