On Mon, Apr 03, 2006, Oscar So wrote: > Hi, > > I know that to calculate the fingerprint of an x509 certificate is to hash > (SHA1 and MD5) > the PEM format of an x509 certificate. > However, I am not sure if I should hash the whole PEM file or leave the > header and footer alone. For example, should I leave the header "-----BEGIN > CERTIFICATE-----" and > footer "-----END CERTIFICATE-----" alone, and then just hash anything in > between ? > I am having trouble trying to figure out a way to compute the hash value. > I tried so many things! >
All of your questions should be asked in openssl-users not openssl-dev. The function X509_digest() will give you the fingerprint of the certifcate. >From the command line: openssl x509 -in cert.pem -noout -fingerprint openssl x509 -in cert.pem -noout -sha1 -fingerprint It is the hash of the DER (binary) form of the certificate which is the stuff between those lines base64 decoded. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
