Re: [Ejbca-develop] Using certificate fingerprint sha2 for End Entities

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Ralf Hornik wrote:
>> What is the fingerprint extension?
>
> [root@ca-pb ~]# openssl x509 -in cert.pem -noout -fingerprint
> SHA1 Fingerprint=2B:D1:C3:77:42:95:F4:09:CC:A0:4D:3F:05:5F:44:15:27:1A:0D:42

This is simply the hash checksum calculated for the raw binary data, in this 
case by OpenSSL.
=> You have to consult the OpenSSL docs to see how to use another hash 
algorithm for fingerprint calculation.

BTW: If you want to provide fingerprints for out-of-band verification of trust 
anchor certs you have to provide each algorithm any client might use.

Ciao, Michael.