How to view a certificate fingerprint as SHA-256, SHA-1 or MD5 using OpenSSL for RSA Authentication Manager
Originally Published: 2019-06-26
Article Number
Applies To
RSA Product/Service Type: RSA Cloud Authentication Service
Issue
Requirements of different service providersvary. Some need a SHA-1 fingerprint, some need an MD5 fingerprint, etc. Depending on the server platform, only the SHA-1 or MD5 fingerprint/thumbprint may be displayed.
Tasks
Resolution
This solution assumes the use of Windows.
- Install the latest version of OpenSSL for Windows.
- Open the Windows Command Line.
- Navigate to the OpenSSL installation directory (the default directory is C:\OpenSSL-Win32\bin).
- Run one of the following commands to view the certificate fingerprint/thumbprint:
-
SHA-256
openssl x509 -noout -fingerprint -sha256 -inform pem -in [certificate-file.crt]
-
SHA-1
openssl x509 -noout -fingerprint -sha1 -inform pem -in [certificate-file.crt]
-
MD5
openssl x509 -noout -fingerprint -md5 -inform pem -in [certificate-file.crt]
The example below displays the value of the same certificate using each algorithm:
C:\OpenSSL-Win32\bin>openssl x509 -noout -fingerprint -sha256 -inform pem -in c:\test\cert.cer SHA256 Fingerprint=E6:5A:5D:37:22:FC:EF:EA:4B:22:92:45:BC:49:D2:29:3D:84:19:BC:C3:45:23:A1:22:A4:99:20:9D:03:E6:47 C:\OpenSSL-Win32\bin>openssl x509 -noout -fingerprint -sha1 -inform pem -in c:\test\cert.cer SHA1 Fingerprint=1E:DD:AD:32:C3:54:3F:C3:6F:7F:94:51:8D:5E:F7:ED:7C:DB:5D:A5 C:\OpenSSL-Win32\bin>openssl x509 -noout -fingerprint -md5 -inform pem -in c:\test\cert.cer MD5 Fingerprint=AA:6F:C8:3F:37:78:7A;BE:A6:BE:2C:51:26:16:3F:D3 C:\OpenSSL-Win32\bin>
Notes
Related Articles
Error: '%1 is not a valid win32 application' when starting RSA RADIUS Server 6.1 Number of Views RSA WTD Silvertail - varz for silvertap or other remote service won't load...remote silvertap machine(s) Number of Views FIM - FIPS 140-2 compliance. TLS1 ciphers Number of Views FIM 3.1.2 - CryptoJ jar causing signature verification errors with md2 signature algorithm Number of Views Microsoft Local Security Authority (LSA) prevents the Swissbit OpenSC Minidriver from loading. Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
