Microsoft "certutil -hashfile..." - Certificate Hash Value

Q

How to get the hash value (or thumbprint value) of a certificate? I have the certificate stored in DER (Distinguished Encoding Rules) format.

✍: FYIcenter.com

A

If you have a certificate saved in a certificate file in DER (binary) format, you can get the SHA1 hash value of the sertificate using you can use the Microsoft "certutil -hashfile input_file" command as shown in this tutorial:

C:\fyicenter>\windows\system32\certutil -hashf
ile FYIcenter.der
SHA1 hash of file FYIcenter.der:
32 c6 b7 33 0f 30 64 41 f9 16 95 0d d5 65 a7 30 9c 50 b9 c2
CertUtil: -hashfile command completed successfully.

You can compare it with the hash value reported by the "certutil -store" command on the same certificate in the certificate store. Both values should match:

C:\fyicenter>\windows\system32\certutil -store -user TestStore 0
TestStore
================ Certificate 0 ================
Serial Number: b3f33360411e2b8045cd75cf9588a23d
Issuer: CN=FYIcenter Root CA
 NotBefore: 7/1/2012 2:34 PM
 NotAfter: 12/31/2039 6:59 PM
Subject: CN=FYIcenter Root CA
Signature matches Public Key
Root Certificate: Subject matches Issuer
Template:
Cert Hash(sha1): 32 c6 b7 33 0f 30 64 41 f9 16 95 0d d5 65 a7 30 9c 50 b9 c2
  Key Container = JoeSoft
  Unique container name: 7b90a71bfc56f2582e916a51aed6df9a_e4c0ab3c-2930-4330...
  Provider = Microsoft Strong Cryptographic Provider
Private key is NOT exportable
Signature test passed
CertUtil: -store command completed successfully.

2013-04-25, 9081👍, 0💬