Verify OpenSSL Downloads on Windows
Hash checking protects you from tampered files. Verify SHA256 via certutil or PowerShell before running the installer.
TL;DR: Download the file, compute its SHA256, compare with the vendor’s published hash. If it doesn’t match, do not run the installer.
Method 1 — certutil (Command Prompt)
- Open Command Prompt.
- Go to your download folder, e.g.:
  cd %USERPROFILE%\Downloads
- Run:
  certutil -hashfile Win64OpenSSL_Light-4_0_0.exe SHA256
Compare the long hexadecimal string to the vendor‑published SHA256. If they match exactly, the file is intact.
Method 2 — PowerShell (Get-FileHash)
- Open Windows PowerShell.
- Navigate to your download folder, e.g.:
  cd "$env:USERPROFILE\Downloads"
- Run:
  Get-FileHash -Algorithm SHA256 -Path .\Win64OpenSSL_Light-4_0_0.exe
Copy the Hash value and compare it to the vendor’s value. Any difference means do not run the file.
Optional — Check the digital signature
- Right‑click the installer file and choose Properties.
- Open the Digital Signatures tab (if present) and select a signature.
- Click Details to view the signer and certificate status.
Not all files are code‑signed. Hash verification works even without a signature.
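The Method 2 comparison and the signature check above can be done in one step instead of by eye. This is an added example, not part of the original page or any vendor tooling; the function name Test-Download, its parameters and the throwaway demo file are assumptions made for illustration.

```powershell
# Added example: Test-Download and its parameter names are hypothetical.
function Test-Download {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )

    # Normalise the published value: strip whitespace (older certutil builds
    # print the digest with spaces between bytes) and ignore letter case.
    $expected = ($ExpectedSha256 -replace '\s', '').ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]{64}$') {
        throw 'Expected value is not a 64-character SHA256 hex string.'
    }

    $actual = (Get-FileHash -Algorithm SHA256 -LiteralPath $Path).Hash.ToUpperInvariant()
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        File            = (Resolve-Path -LiteralPath $Path).Path
        ActualSha256    = $actual
        HashMatches     = ($actual -eq $expected)
        SignatureStatus = $sig.Status   # e.g. Valid, NotSigned, HashMismatch
        Signer          = $sig.SignerCertificate.Subject
    }
}

# Constructed demo: a throwaway script file stands in for the installer so
# the function can be exercised offline.
$demo = Join-Path $env:TEMP 'hash-demo.ps1'
Set-Content -LiteralPath $demo -Value "'constructed sample'"
$good = (Get-FileHash -Algorithm SHA256 -LiteralPath $demo).Hash

# Same file, expected value given in lower case: HashMatches is True.
Test-Download -Path $demo -ExpectedSha256 $good.ToLower()

# File changed after the hash was recorded: HashMatches is False.
Add-Content -LiteralPath $demo -Value '# modified'
Test-Download -Path $demo -ExpectedSha256 $good

Remove-Item -LiteralPath $demo

# Real use (placeholder, paste the value from the vendor page):
# Test-Download -Path .\Win64OpenSSL_Light-4_0_0.exe -ExpectedSha256 '<SHA256 from vendor page>'
```

Treat HashMatches being False as a stop condition regardless of SignatureStatus.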
Troubleshooting and notes
- Where do I find the official hash? On the vendor page. If you can’t find it, re‑download from the same URL and verify again.
- Do I need admin rights? No. Hash checks work in normal user sessions.
- Hash doesn’t match? Delete the file and download again from the known vendor URL. Do not install.
- Next steps: After verifying, go to Download page, then Add to PATH. If you see libcrypto.dll errors later, see Fix DLL Error.