所有证书都包含唯一的指纹信息(fingerprint),可以通过OPENSSL 命令获取指纹信息,大家经常用到的指纹信息一般是指SHA1指纹
获取SHA1指纹
openssl x509 -noout -fingerprint -in certificate.crt
OR
openssl x509 -noout -fingerprint -sha1 -in certificate.crt
获取SHA256指纹
openssl x509 -noout -fingerprint -sha256 -in certificate.crt
如上述命令报错信息如下,应该是证书使用了DER编码格式,请使用如下命令
unable to load certificate
140697206048656:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE
获取SHA1指纹
openssl x509 -noout -inform DER -fingerprint -sha1 -in certificate.der
获取SHA256指纹
openssl x509 -noout -inform DER -fingerprint -sha256 -in certificate.der
原创作品,如需转载,请注明出处