Thursday, January 14, 2010

How do you thumbprint a certificate?

You often use thumbprints to find certificates, but what is the thumbprint? The thumbprint is the hash of the certificate, computed over the certificate's raw encoded bytes. In the case of the CLR’s X509Certificate2 class, the thumbprint is the SHA1 hash of the certificate. If you want to compute the thumbprint of a certificate yourself, it’s pretty simple:

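function get-CertThumbprint ($cert)
{
	# SHA-1 over the raw (DER-encoded) bytes of the certificate
	$sha = new-object System.Security.Cryptography.SHA1CNG
	$hashOfRawBytesOfCertificate = $sha.ComputeHash($cert.RawData)
	# X2 pads each byte to two hex digits, so 0x08 prints as "08" and not "8"
	( $hashOfRawBytesOfCertificate| % {"{0:X2}" -f $_} ) -join ""
}
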
PS cert:\LocaLMachine\My> dir

    Directory: Microsoft.PowerShell.Security\Certificate::LocaLMachine\My

Thumbprint                                Subject
----------                                -------
3BCA8A25A071300BD177E4C73135E54FA830039A  CN=STS
08766D8B3DCDE5D633ED06AB1CB4DF4CCAECA533  CN=localhost

PS cert:\LocalMachine\My> $cert = get-item 08766D8B3DCDE5D633ED06AB1CB4DF4CCAECA533
PS cert:\LocalMachine\My> $cert.Thumbprint
PS cert:\LocalMachine\My> get-CertThumbprint $cert

If you’re wondering why you don’t use the subject name to identify a certificate, it’s because you can have lots of certificates with the same subject name.
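
Both points above in one script, as an added example that is not part of the original post: two certificates with the same subject get different thumbprints, and a hand-computed hash of RawData matches the Thumbprint property. The function names, the throwaway in-memory certificates and the pasted string are constructed for illustration; it assumes PowerShell 5.1 or later on .NET Framework 4.7.2+ or .NET Core.

```powershell
# Added example, not code from the original post. Function names are hypothetical.
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Get-CertHash {
    param([X509Certificate2] $Cert, [ValidateSet('SHA1', 'SHA256')] [string] $Algorithm = 'SHA1')
    $hasher = if ($Algorithm -eq 'SHA1') { [SHA1]::Create() } else { [SHA256]::Create() }
    try { $hash = $hasher.ComputeHash($Cert.RawData) } finally { $hasher.Dispose() }
    # X2 pads every byte to two hex digits so the string has a fixed length
    ($hash | ForEach-Object { $_.ToString('X2') }) -join ''
}

function ConvertTo-NormalizedThumbprint ([string] $Text) {
    # Keep hex digits only: drops spaces, colons and invisible characters from copy/paste
    ($Text -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

function New-DemoCert ([string] $Subject) {
    # Throwaway self-signed certificate held in memory; nothing is added to a store
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new($Subject, $rsa,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $req.CreateSelfSigned([DateTimeOffset]::UtcNow, [DateTimeOffset]::UtcNow.AddDays(1))
}

# Two constructed certificates that share a subject name
$a = New-DemoCert 'CN=localhost'
$b = New-DemoCert 'CN=localhost'

# Constructed "pasted" value: lower case, spaced, with a leading U+200E mark
$pasted = [string][char]0x200E + ($a.Thumbprint -replace '(..)', '$1 ').ToLower()

[pscustomobject]@{
    SameSubject      = $a.Subject -eq $b.Subject
    SameThumbprint   = $a.Thumbprint -eq $b.Thumbprint
    HashMatchesApi   = (Get-CertHash $a) -eq $a.Thumbprint
    RawPasteMatches  = $pasted -eq $a.Thumbprint
    NormalizedPaste  = (ConvertTo-NormalizedThumbprint $pasted) -eq $a.Thumbprint
    Sha256OfSameCert = Get-CertHash $a -Algorithm SHA256
} | Format-List
```

The SHA256 value is a different fingerprint of the same bytes; the Thumbprint property itself stays SHA1.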

