Overview#The Certificate Fingerprint is the Certificate Signature (or fingerprint) as is displayed as the Fingerprints section when looking at a Certificate with Chrome or Firefox and the Thumbprint in Microsoft's browsers is the hash of the entire certificate in DER form.
In OpenSSL the "-fingerprint" option takes the hash of the DER encoded certificate. This is commonly called a "fingerprint". Because of the nature of message-Digests the fingerprint of a certificate is unique to that certificate and two certificates with the same fingerprint can be considered to be the same.
- SHA-256: 63 2B 11 99 44 40 17 DF 37 FC C3 DF 0F 3D 15 is the SHA256 hash sum of ASN.1 binary (DER)
- SHA-1: 23 96 4A 13 68 93 9E DA E4 38 35 AC E3 2A 36 is the SHA-1 hash sum of ASN.1 binary (DER)
Certificate Fingerprint are mostly used for identifying the certificates (for organising them)
Use of Certificate Fingerprint#One application of these Certificate Fingerprint is to validate Extended Validation Certificate. In this case, the SHA-1 Certificate Fingerprint of the root EV CA certificate is hard-coded in the browser. Note that the
- Certificate Fingerprint the fingerprint of the Trust Anchor
- Certificate Fingerprint has to match exactly the Trust Anchors shipped with the version of the browser compiled with those values.