Skip to content

Commit

Permalink
docs: add example to extract HEX encoded fingerprint from certificate (
Browse files Browse the repository at this point in the history 
…#33507) (#33680)

This commit adds an example of how to extract the HEX encoded SHA-256
fingerprint from a CA certificate using openssl, awk and sed. Those
tools should be available on most Unix-like systems.

Co-authored-by: DeDe Morton <dede.morton@elastic.co>
(cherry picked from commit 0ebad69)

Co-authored-by: Tiago Queiroz <tiago.queiroz@elastic.co>
  • Loading branch information
@mergify @belimawr
mergify[bot] and belimawr committed Nov 15, 2022
1 parent c9b1e19 commit 8229807
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions libbeat/docs/shared-ssl-config.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -386,6 +386,14 @@ present in the chain during the handshake, it will be added to the
`certificate_authorities` list and the handshake will continue
normaly.

To get the fingerprint from a CA certificate on a Unix-like
system, you can use the following command, where `ca.crt` is the
certificate.

[source]
------------------------
openssl x509 -fingerprint -sha256 -noout -in ./ca.crt | awk --field-separator="=" '{print $2}' | sed 's/://g'
------------------------

[discrete]
[[ssl-server-config]]
Expand Down

0 comments on commit 8229807

Please sign in to comment.