How can I get the sha-1 fingerprint, as here:
// A.T. C.
{ { { 0xf9, 0xb5, 0xb6, 0x32, 0x45, 0x5f, 0x9c, 0xbe, 0xec, 0x57,
0x5f, 0x80, 0xdc, 0xe9, 0x6e, 0x2c, 0xc7, 0xb2, 0x78, 0xb7 } },
{"1.3.6.1.4.1.34697.2.1", ""}, },
from Chromium source (net/cert/ev_root_ca_metadata.cc). If the Crypto?
When I try, I always get this
04:A0:56:A9:87:64:BB:DC:96:BF:6D:B0:49:FA:80:81:ED:06:8A:1E
Which program can I use for this and what is the name of the command, to get this in crypto?
I will add a certificate as EV in firefox / chromium.
Open a terminal and run the keytool the utility provided with Java to get the SHA-1 fingerprint of the certificate. You should get both the release and debug certificate fingerprints.
At the left side of the browser's address bar, click on the lock symbol. In the pop-up dialog box, click Certificate. On the Certificate dialog box, click the Details tab. In the list box on the details page, scroll down until the word Thumbprint is visible in the list and then click Thumbprint.
Click the “Security” icon/tab at the top of the “Page Info” dialog. Click “View Certificate”. Verify that the certificate's name under “Common Name (CN)” exactly matches what this GRC page shows. The SHA1 fingerprint is shown under “Fingerprints”.
This article at Wikipedia explains what a SHA1 Fingerprint is. In a nutshell it is a unique way to identify the connection that is being made to avoid any sort of possible incorrect connection, or additional security to ensure the connection is being made to the expected server.
The SHA-1 fingerprint of a certificate is simply the SHA-1 digest value of its DER representation.
For example, if you get the fingerprint with OpenSSL directly, you would get this:
$ openssl x509 -fingerprint -in GeoTrust_Global_CA_2.pem -noout
SHA1 Fingerprint=A9:E9:78:08:14:37:58:88:F2:05:19:B0:6D:2B:0D:2B:60:16:90:7D
If you convert the same certificate into DER and then compute its SHA-1 digest, you'll get the same result:
$ openssl x509 -in GeoTrust_Global_CA_2.pem -outform DER | sha1sum
a9e9780814375888f20519b06d2b0d2b6016907d -
(openssl ... -outform DER
produces a DER output on stdout, and sha1sum
is a common utility for computing SHA-1 digests from its stdin.)
1.3.6.1.4.1.34697.2.1
1.3.6.1.4.1.34697.2.1 is one certificate manufacture's OID for an EV certificate. Different issuers use different OIDs to denote the EV certificate. There's a question that lists a collection of the EV OIDS here.
Which program can I use for this and what is the name of the command,
To get the fingerprint, try OpenSL's x509
utility:
$ openssl x509 -in sub.class1.server.ca.pem -fingerprint -noout
SHA1 Fingerprint=F6:91:FC:87:EF:B3:13:53:54:22:5A:10:E1:27:E9:11:D1:C7:F8:CF
In the command above, sub.class1.server.ca.pem
is Startcom's Class 1 Server intermediate signing certificate. The cert can be downloaded here.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With