The thumbprint is the hash of the certificate data in DER format. For example, the following commands would work for both forms:
openssl x509 -in user.pem -fingerprint -md5 -noout openssl x509 -in user.cer -inform der -fingerprint -md5 -noout But I f you want to use a raw hash then only the second of the following would work: openssl md5 < user.pem (wrong format input) openssl md5 < user.cer .................................... Erik Tkal Juniper OAC/UAC/Pulse Development From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Matt C Sent: Tuesday, April 19, 2011 1:56 PM To: openssl-users@openssl.org Subject: How is MD5 fingerprint on X509 created? Hello, I am able to generate an MD5 fingerprint with the following command. openssl x509 -in user.pem -fingerprint -md5 -noout This fingerprint matches the fingerprint displayed by Thunderbird/Firefox. I am trying to generate an MD5 using a hash function in PHP, http://nl2.php.net/manual/en/function.openssl-digest.php The results I am getting from the PHP function are not the same as using the other methods. I'm sure I'm not putting the right data into the hash function. Should I be hashing the entire contents of the PEM file, only part, or is there additional data I need to add? Thank you, Matt