Check SSL Certificate Fingerprint from Command Line

By | 2014/09/20

It is possible to check a fingerprint of an SSL cert from the command line with openssl. In light of recent SHA1 deprecation in the news, this tip should be handy!

The command to run is:

$ openssl s_client -servername -connect | openssl x509 -fingerprint -noout

(I use the -servername indication so SNI will work.)

Example output from

stmiller@bruckner:~$ openssl s_client -servername -connect | openssl x509 -fingerprint -noout
depth=1 C = US, O = "GeoTrust, Inc.", CN = RapidSSL CA
verify error:num=20:unable to get local issuer certificate
verify return:0
SHA1 Fingerprint=A1:A4:67:56:79:5C:EF:69:AA:6D:17:2D:4B:35:99:E7:64:91:BF:96