Ensuring the authenticity and integrity of an SSL certificate is crucial for secure communications. A common practice is to verify the fingerprint of a certificate, which acts as a unique identifier for the certificate. This tutorial explains how to check SSL certificate fingerprint using OpenSSL.
Suppose we have the following certificate:
-----BEGIN CERTIFICATE-----
MIICBzCCAbGgAwIBAgIUblsRRtsMLsqKSXHL3OeHVDTAaAkwDQYJKoZIhvcNAQEL
BQAwWDELMAkGA1UEBhMCVVMxFTATBgNVBAoMDFRlc3QgQ29tcGFueTEfMB0GA1UE
CwwWVGVzdCBPcmdhbml6YXRpb24gVW5pdDERMA8GA1UEAwwIdGVzdC5jb20wHhcN
MjIwNzE4MDEzMDMwWhcNMjMwNzE4MDEzMDMwWjBYMQswCQYDVQQGEwJVUzEVMBMG
A1UECgwMVGVzdCBDb21wYW55MR8wHQYDVQQLDBZUZXN0IE9yZ2FuaXphdGlvbiBV
bml0MREwDwYDVQQDDAh0ZXN0LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDf
6LwJoaDTpxNlaCXlLp6RAfgsE8j2yiPFZ0Pqy2u+a4gbZn2KxnVA/Ar/6foqC/Os
cEr1/h2F55D33xF3OyJVAgMBAAGjUzBRMB0GA1UdDgQWBBR01dWXvKnNVQl97YZP
vnpvtsFb7jAfBgNVHSMEGDAWgBR01dWXvKnNVQl97YZPvnpvtsFb7jAPBgNVHRMB
Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA0EAOeLvRxxC+WnhnBaURnyhWM1aHP6j
WYXSGiQh6VA6vxoShAUFd56anAT7LfX6wJdnDJrtHkaK2zK6JM7mxqF79w==
-----END CERTIFICATE-----We can use the openssl x509 command to view certificate details. To retrieve the SHA-1 fingerprint, use the following command:
openssl x509 -in test.crt -fingerprint -nooutThe meaning of options:
-in test.crt- specifies the input certificate file.-fingerprint- displays the fingerprint of the certificate.-noout- indicates that the encoded version of the certificate will be excluded from the output.
Output:
SHA1 Fingerprint=61:8B:BC:60:F9:3F:B5:3D:85:49:CB:73:31:02:08:1D:70:EC:2F:DAFor a SHA-256 fingerprint, add the -sha256 option:
openssl x509 -in test.crt -fingerprint -sha256 -nooutUse the following command to view a list of supported cryptographic hash functions:
openssl list --digest-commandsOutput example:
blake2b512 blake2s256 md5 rmd160
sha1 sha224 sha256 sha3-224
sha3-256 sha3-384 sha3-512 sha384
sha512 sha512-224 sha512-256 shake128
shake256 sm3
Leave a Comment
Cancel reply