Check SSL Certificate Fingerprint using OpenSSL

Check SSL Certificate Fingerprint using OpenSSL

Ensuring the authenticity and integrity of an SSL certificate is crucial for secure communications. A common practice is to verify the fingerprint of a certificate, which acts as a unique identifier for the certificate. This tutorial explains how to check SSL certificate fingerprint using OpenSSL.

Suppose we have the following certificate:

-----BEGIN CERTIFICATE----- MIICBzCCAbGgAwIBAgIUblsRRtsMLsqKSXHL3OeHVDTAaAkwDQYJKoZIhvcNAQEL BQAwWDELMAkGA1UEBhMCVVMxFTATBgNVBAoMDFRlc3QgQ29tcGFueTEfMB0GA1UE CwwWVGVzdCBPcmdhbml6YXRpb24gVW5pdDERMA8GA1UEAwwIdGVzdC5jb20wHhcN MjIwNzE4MDEzMDMwWhcNMjMwNzE4MDEzMDMwWjBYMQswCQYDVQQGEwJVUzEVMBMG A1UECgwMVGVzdCBDb21wYW55MR8wHQYDVQQLDBZUZXN0IE9yZ2FuaXphdGlvbiBV bml0MREwDwYDVQQDDAh0ZXN0LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDf 6LwJoaDTpxNlaCXlLp6RAfgsE8j2yiPFZ0Pqy2u+a4gbZn2KxnVA/Ar/6foqC/Os cEr1/h2F55D33xF3OyJVAgMBAAGjUzBRMB0GA1UdDgQWBBR01dWXvKnNVQl97YZP vnpvtsFb7jAfBgNVHSMEGDAWgBR01dWXvKnNVQl97YZPvnpvtsFb7jAPBgNVHRMB Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA0EAOeLvRxxC+WnhnBaURnyhWM1aHP6j WYXSGiQh6VA6vxoShAUFd56anAT7LfX6wJdnDJrtHkaK2zK6JM7mxqF79w== -----END CERTIFICATE-----

We can use the openssl x509 command to view certificate details. To retrieve the SHA-1 fingerprint, use the following command:

openssl x509 -in test.crt -fingerprint -noout

The meaning of options:

  • -in test.crt - specifies the input certificate file.
  • -fingerprint - displays the fingerprint of the certificate.
  • -noout - indicates that the encoded version of the certificate will be excluded from the output.

Output:

SHA1 Fingerprint=61:8B:BC:60:F9:3F:B5:3D:85:49:CB:73:31:02:08:1D:70:EC:2F:DA

For a SHA-256 fingerprint, add the -sha256 option:

openssl x509 -in test.crt -fingerprint -sha256 -noout

Use the following command to view a list of supported cryptographic hash functions:

openssl list --digest-commands

Output example:

blake2b512 blake2s256 md5 rmd160 sha1 sha224 sha256 sha3-224 sha3-256 sha3-384 sha3-512 sha384 sha512 sha512-224 sha512-256 shake128 shake256 sm3

Leave a Comment

Cancel reply

Your email address will not be published.