Overview#
The Certificate Fingerprint, shown as the Certificate Signature (or fingerprint) in the Fingerprints section when looking at a Certificate with Chrome or Firefox, and as the Thumbprint in Microsoft's browsers, is the hash of the entire certificate in DER form.
In OpenSSL, the "-fingerprint" option takes the hash of the DER-encoded certificate. This is commonly called a "fingerprint". Because of the nature of message digests, the fingerprint of a certificate is unique to that certificate, and two certificates with the same fingerprint can be considered to be the same.
Example Certificate Fingerprint#

We see:
Certificate Fingerprints are mostly used for identifying certificates (for organising them).
Use of Certificate Fingerprint#
One application of Certificate Fingerprints is to validate Extended Validation Certificates. In this case, the SHA-1 Certificate Fingerprint of the root EV CA certificate is hard-coded in the browser.
Note that:
- the Certificate Fingerprint is the fingerprint of the Trust Anchor
- the Certificate Fingerprint has to match exactly the Trust Anchors shipped with the version of the browser compiled with those values.
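
As an added example (not part of the original page), the Python code below computes a fingerprint as the hash of the whole DER encoding, shows that the PEM and DER forms of one certificate give the same value, and compares the result against a hard-coded value as described above for Trust Anchors. The sample bytes and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed placeholder bytes standing in for a DER-encoded certificate.
# A fingerprint never parses the ASN.1, so any byte string illustrates it.
SAMPLE_DER = bytes.fromhex("3082000a") + b"constructed-sample-certificate-body"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")

def to_der(cert):
    """Accept DER bytes or a PEM string and return the DER encoding."""
    if isinstance(cert, str):
        body = [ln for ln in cert.strip().splitlines()
                if not ln.startswith("-----")]
        return base64.b64decode("".join(body))
    return bytes(cert)

def fingerprint(cert, algorithm="sha256"):
    """Hash the entire DER encoding and format it as AA:BB:CC:..."""
    digest = hashlib.new(algorithm, to_der(cert)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fp):
    """Drop separators and case so 'aa bb', 'AA:BB' and 'aabb' compare equal."""
    return "".join(ch for ch in fp if ch not in ": -").lower()

def matches_pin(cert, pinned_fp, algorithm="sha256"):
    """Exact match against a hard-coded fingerprint, compared in constant time."""
    actual = normalize(fingerprint(cert, algorithm)).encode()
    expected = normalize(pinned_fp).encode()
    return hmac.compare_digest(actual, expected)

if __name__ == "__main__":
    pinned = fingerprint(SAMPLE_DER)           # value that would be hard-coded
    print("SHA-1  :", fingerprint(SAMPLE_DER, "sha1"))
    print("SHA-256:", pinned)
    print("PEM form matches pin:", matches_pin(SAMPLE_PEM, pinned))
    # Any change to the encoding, even one byte, yields a different fingerprint.
    altered = SAMPLE_DER[:-1] + b"X"
    print("Altered copy matches pin:", matches_pin(altered, pinned))
```

A fingerprint produced with one hash algorithm can only be compared against a stored value produced with the same algorithm, so the stored value and the algorithm name belong together.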