Openssl certificate fingerprint

Sorry folks,

this should be a FAQ but I googled with no useful results. The standard
library OpenSSL RDoc is very poor.

I just need the Ruby equivalent of this command line:

openssl x509 -noout -md5 -fingerprint -in certificate.crt

that is: the md5 (or sha1 etc.) key fingerprint of an X509 certificate.

Thanks very much.
Guido

Hi,
the fingerprint is MD5 digest over the certificate in DER (binary)
form, so if your certificate is already in DER just calculate MD5
digest over it:

require ‘digest/md5’
puts Digest::MD5.hexdigest(File.read(‘certificate.crt’))

but if the certificate is in PEM format (the default used in your
command line example), you’ll need to either manually BASE64 decode
it, or let the OpenSSL::X509::Certificate do that for you, so:

require ‘openssl’
require ‘digest/md5’
certificate =
OpenSSL::X509::Certificate.new(File.read(‘certificate.crt’))
puts Digest::MD5.hexdigest(certificate.to_der)

or something along those lines…

zoran

Zoran Regvart wrote in post #949806:

Hi,
the fingerprint is MD5 digest over the certificate in DER (binary)

Great! Thanks.

G.