How to get SSL-Certificate sha1 fingerprint?
Solution 1
The SHA-1 fingerprint of a certificate is simply the SHA-1 digest value of its DER representation.
- If your certificate is in PEM format, you'd need to convert it in DER format first (this is a base-64 decoding).
- Then, use a SHA-1 digest algorithm (in whichever language you're using) on this DER document.
For example, if you get the fingerprint with OpenSSL directly, you would get this:
$ openssl x509 -fingerprint -in GeoTrust_Global_CA_2.pem -noout
SHA1 Fingerprint=A9:E9:78:08:14:37:58:88:F2:05:19:B0:6D:2B:0D:2B:60:16:90:7D
If you convert the same certificate into DER and then compute its SHA-1 digest, you'll get the same result:
$ openssl x509 -in GeoTrust_Global_CA_2.pem -outform DER | sha1sum
a9e9780814375888f20519b06d2b0d2b6016907d -
(openssl ... -outform DER produces a DER output on stdout, and sha1sum is a common utility for computing SHA-1 digests from its stdin.)
Solution 2
1.3.6.1.4.1.34697.2.1
1.3.6.1.4.1.34697.2.1 is one certificate manufacture's OID for an EV certificate. Different issuers use different OIDs to denote the EV certificate. There's a question that lists a collection of the EV OIDS here.
Which program can I use for this and what is the name of the command,
To get the fingerprint, try OpenSL's x509 utility:
$ openssl x509 -in sub.class1.server.ca.pem -fingerprint -noout
SHA1 Fingerprint=F6:91:FC:87:EF:B3:13:53:54:22:5A:10:E1:27:E9:11:D1:C7:F8:CF
In the command above, sub.class1.server.ca.pem is Startcom's Class 1 Server intermediate signing certificate. The cert can be downloaded here.
Related videos on Youtube
01 : 45
01 : 22
01 : 21
04 : 54
10 : 02
01 : 40
02 : 39
user3586278
Updated on June 22, 2022Comments
-
user3586278 about 2 years
How can I get the sha-1 fingerprint, as here:
// A.T. C. { { { 0xf9, 0xb5, 0xb6, 0x32, 0x45, 0x5f, 0x9c, 0xbe, 0xec, 0x57, 0x5f, 0x80, 0xdc, 0xe9, 0x6e, 0x2c, 0xc7, 0xb2, 0x78, 0xb7 } }, {"1.3.6.1.4.1.34697.2.1", ""}, },from Chromium source (net/cert/ev_root_ca_metadata.cc). If the Crypto?
When I try, I always get this
04:A0:56:A9:87:64:BB:DC:96:BF:6D:B0:49:FA:80:81:ED:06:8A:1EWhich program can I use for this and what is the name of the command, to get this in crypto?
EDIT
I will add a certificate as EV in firefox / chromium.
-
Bruno about 10 yearsJust to clarify, what do you try this on to get
04:A0:56:A9:87:64:BB:DC:96:BF:6D:B0:49:FA:80:81:ED:06:8A:1E, and what exactly do you try?
-
