Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Get certificate fingerprint of HTTPS server from command line?

Recently Mercurial has added certificate validation when connecting to HTTPS servers. I'm trying to clone the wiki repository for a googlecode project at https://wiki.pydlnadms.googlecode.com/hg/, but the certificate is for *.googlecode.com. I was under the impression that this is called a wildcard domain and valid for all subdomains, but I'm receiving the error:

matt@stanley:~/src$ hg clone https://wiki.pydlnadms.googlecode.com/hg/ pydlnadms-wiki
abort: wiki.pydlnadms.googlecode.com certificate error: certificate is for *.googlecode.com

Allegedly I need to add the certificate fingerprint to my hgrc. How do I retrieve this fingerprint from the command line?

Parent Question: Hosting images on Google Code

like image 447
Matt Joiner Avatar asked Mar 02 '11 07:03

Matt Joiner


People also ask

How do I get the thumbprint of a certificate in PowerShell?

To get the certificate thumbprint using PowerShell is very much easy. We just need to retrieve the path where certificates reside and the default property that is shown on the console will include the certificate thumbprint. For example, we are going to retrieve the certificate from the personal store.


2 Answers

The page at http://wiki.debuntu.org/wiki/OpenSSL#Retrieving_certificate_informations lists the command lines for that (and printing out the relevant information). From that page and some of the man pages, it seems like what you want is (for bash):

openssl s_client -connect <host>:<port> < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin

If you want the whole certificate, leave off the | symbol and everything after it.

like image 196
Jeremiah Willcock Avatar answered Oct 16 '22 23:10

Jeremiah Willcock


this is also enough:

openssl x509 -fingerprint -in server.crt
like image 14
rundekugel Avatar answered Oct 16 '22 23:10

rundekugel