How to view a certificate fingerprint as SHA-256, SHA-1 or MD5 using OpenSSL for RSA Authentication Manager
Originally Published: 2019-06-26
Article Number
Applies To
RSA Product/Service Type: RSA Cloud Authentication Service
Issue
Requirements of different service providersvary. Some need a SHA-1 fingerprint, some need an MD5 fingerprint, etc. Depending on the server platform, only the SHA-1 or MD5 fingerprint/thumbprint may be displayed.
Tasks
Resolution
This solution assumes the use of Windows.
- Install the latest version of OpenSSL for Windows.
- Open the Windows Command Line.
- Navigate to the OpenSSL installation directory (the default directory is C:\OpenSSL-Win32\bin).
- Run one of the following commands to view the certificate fingerprint/thumbprint:
-
SHA-256
openssl x509 -noout -fingerprint -sha256 -inform pem -in [certificate-file.crt]
-
SHA-1
openssl x509 -noout -fingerprint -sha1 -inform pem -in [certificate-file.crt]
-
MD5
openssl x509 -noout -fingerprint -md5 -inform pem -in [certificate-file.crt]
The example below displays the value of the same certificate using each algorithm:
C:\OpenSSL-Win32\bin>openssl x509 -noout -fingerprint -sha256 -inform pem -in c:\test\cert.cer SHA256 Fingerprint=E6:5A:5D:37:22:FC:EF:EA:4B:22:92:45:BC:49:D2:29:3D:84:19:BC:C3:45:23:A1:22:A4:99:20:9D:03:E6:47 C:\OpenSSL-Win32\bin>openssl x509 -noout -fingerprint -sha1 -inform pem -in c:\test\cert.cer SHA1 Fingerprint=1E:DD:AD:32:C3:54:3F:C3:6F:7F:94:51:8D:5E:F7:ED:7C:DB:5D:A5 C:\OpenSSL-Win32\bin>openssl x509 -noout -fingerprint -md5 -inform pem -in c:\test\cert.cer MD5 Fingerprint=AA:6F:C8:3F:37:78:7A;BE:A6:BE:2C:51:26:16:3F:D3 C:\OpenSSL-Win32\bin>
Notes
Related Articles
Error: '%1 is not a valid win32 application' when starting RSA RADIUS Server 6.1 Number of Views RSA WTD Silvertail - varz for silvertap or other remote service won't load...remote silvertap machine(s) Number of Views FIM - FIPS 140-2 compliance. TLS1 ciphers Number of Views Bootstrapping can fail if Symantec Antivirus is installed on Enterprise or Site Coordinator (Named Pipe Error) Number of Views Disaster recovery - Re-imaging a RC Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records Unable to login to RSA Authentication Manager Security Console as super admin RSA Authentication Manager 8.9 Release Notes (January 2026) How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device Connection fails to Cloud Authentication Service when connecting through a proxy server from RSA Authentication Manager to…
Don't see what you're looking for?
