Menu
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
step certificate fingerprint
Name
step certificate fingerprint -- print the fingerprint of a certificate
Usage
step certificate fingerprint <crt-file>
[--bundle] [--roots=<root-bundle>] [--servername=<servername>]
[--format=<format>] [--sha1] [--insecure]
Description
step certificate fingerprint reads a certificate and prints to STDOUT the certificate SHA256 of the raw certificate.
If crt-file contains multiple certificates (i.e., it is a certificate
"bundle") the fingerprint of the first certificate in the bundle will be
printed. Pass the --bundle option to print all fingerprints in the order in
which they appear in the bundle.
Positional arguments
crt-file
A certificate PEM file, usually the root certificate.
Options
--roots=roots
Root certificate(s) that will be used to verify the
authenticity of the remote server.
roots is a case-sensitive string and may be one of:
file: Relative or full path to a file. All certificates in the file will be used for path validation.
list of files: Comma-separated list of relative or full file paths. Every PEM encoded certificate from each file will be used for path validation.
directory: Relative or full path to a directory. Every PEM encoded certificate from each file in the directory will be used for path validation.
--bundle Print all fingerprints in the order in which they appear in the bundle.
--insecure Use an insecure client to retrieve a remote peer certificate. Useful for debugging invalid certificates remotely.
--servername=value
TLS Server Name Indication that should be sent to request a specific certificate from the server.
--format=format
The format of the fingerprint, it must be "hex", "base64", "base64-url", "base64-raw", "base64-url-raw" or "emoji".
--sha1 Use the SHA-1 hash algorithm to hash the certificate. Requires --insecure flag.
Examples
Get the fingerprint for a root certificate:
$ step certificate fingerprint /path/to/root_ca.crt
0d7d3834cf187726cf331c40a31aa7ef6b29ba4df601416c9788f6ee01058cf3
Get the fingerprint for a remote certificate:
$ step certificate fingerprint https://smallstep.com
e2c4f12edfc1816cc610755d32e6f45d5678ba21ecda1693bb5b246e3c48c03d
Get the fingerprints for a remote certificate with its intermediate:
$ step certificate fingerprint --bundle https://smallstep.com
e2c4f12edfc1816cc610755d32e6f45d5678ba21ecda1693bb5b246e3c48c03d
25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d
Subscribe to updates
Unsubscribe anytime. See our privacy policy.
© 2023 Smallstep Labs, Inc. All rights reserved.