Check SSL Certificate Fingerprint from Command Line

By | 2014/09/20

You can check the fingerprint of a server's SSL certificate from the command line with openssl. In light of recent SHA1 deprecation in the news, this tip should be handy!


The command to run is:

$ openssl s_client -servername example.com -connect example.com:443 | openssl x509 -fingerprint -noout

(I pass the -servername option so that SNI works and the server returns the certificate for that hostname.)


Example output from scottlinux.com:

stmiller@bruckner:~$ openssl s_client -servername scottlinux.com -connect scottlinux.com:443 | openssl x509 -fingerprint -noout
depth=1 C = US, O = "GeoTrust, Inc.", CN = RapidSSL CA
verify error:num=20:unable to get local issuer certificate
verify return:0
SHA1 Fingerprint=A1:A4:67:56:79:5C:EF:69:AA:6D:17:2D:4B:35:99:E7:64:91:BF:96
^C
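
A non-interactive version of the check above, as an added example that is not from the original post: it closes stdin so s_client exits without needing Ctrl-C, prints a SHA-256 fingerprint, and compares it with a pinned value. The function names are hypothetical. The fingerprint digest is computed locally over the certificate and is independent of the certificate's signature algorithm, which the script prints separately.

```shell
#!/bin/sh
# Added example: fingerprint pin check. Function names are hypothetical.

# Fetch the leaf certificate as PEM. $1 = host, $2 = port (default 443).
# </dev/null closes stdin so s_client exits right after the handshake.
fetch_cert() {
    openssl s_client -servername "$1" -connect "$1:${2:-443}" \
        </dev/null 2>/dev/null | openssl x509
}

# Fingerprint of a PEM certificate on stdin. $1 = digest (default sha256).
cert_fingerprint() {
    openssl x509 -noout -fingerprint "-${1:-sha256}"
}

# Signature algorithm of a PEM certificate on stdin. This field, not the
# fingerprint digest, is what SHA-1 deprecation applies to.
cert_sigalg() {
    openssl x509 -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Reduce "SHA1 Fingerprint=A1:A4:..." or "a1a4..." to bare lowercase hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Succeed only if both values are the same non-empty fingerprint.
fp_matches() {
    a=$(normalize_fp "$1")
    [ -n "$a" ] && [ "$a" = "$(normalize_fp "$2")" ]
}

# check_pin HOST EXPECTED [DIGEST] [PORT]
# Returns 0 on match, 1 on mismatch, 2 if no certificate was retrieved.
check_pin() {
    pem=$(fetch_cert "$1" "${4:-443}") || return 2
    [ -n "$pem" ] || { echo "no certificate from $1" >&2; return 2; }
    actual=$(printf '%s\n' "$pem" | cert_fingerprint "${3:-sha256}")
    echo "signature algorithm: $(printf '%s\n' "$pem" | cert_sigalg)"
    if fp_matches "$2" "$actual"; then
        echo "OK   $actual"
    else
        echo "FAIL $actual (expected $2)" >&2
        return 1
    fi
}
```

Pass sha1 as the third argument to check_pin to compare against a fingerprint in the format shown in the output above.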
