From 822980784011b7a651d65a533e0767e5a41eda5e Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Tue, 15 Nov 2022 15:40:37 +0100
Subject: [PATCH] docs: add example to extract HEX encoded fingerprint from
 certificate (#33507) (#33680)

This commit adds an example of how to extract the HEX encoded SHA-256
fingerprint from a CA certificate using openssl, awk and sed. Those
tools should be available on most Unix-like systems.

Co-authored-by: DeDe Morton <dede.morton@elastic.co>
(cherry picked from commit 0ebad69e2b9ef1fb7018e6e81d8ab1a3b9f69f87)

Co-authored-by: Tiago Queiroz <tiago.queiroz@elastic.co>
---
 libbeat/docs/shared-ssl-config.asciidoc | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libbeat/docs/shared-ssl-config.asciidoc b/libbeat/docs/shared-ssl-config.asciidoc
index 5996a2c005a..80fe208093a 100644
--- a/libbeat/docs/shared-ssl-config.asciidoc
+++ b/libbeat/docs/shared-ssl-config.asciidoc
@@ -386,6 +386,14 @@ present in the chain during the handshake, it will be added to the
 `certificate_authorities` list and the handshake will continue
 normaly.
 
+To get the fingerprint from a CA certificate on a Unix-like
+system, you can use the following command, where `ca.crt` is the
+certificate.
+
+[source]
+------------------------
+openssl x509 -fingerprint -sha256 -noout -in ./ca.crt | awk --field-separator="=" '{print $2}' | sed 's/://g'
+------------------------
 
 [discrete]
 [[ssl-server-config]]