Microsoft "certutil -hashfile..." - Certificate Hash Value
Q
How to get the hash value (or thumbprint value) of a certificate? I have the certificate stored in DER (Distinguished Encoding Rules) format.
✍: FYIcenter.com
A
If you have a certificate saved in a certificate file in DER (binary) format, you can get the SHA1 hash value of the sertificate using you can use the Microsoft "certutil -hashfile input_file" command as shown in this tutorial:
C:\fyicenter>\windows\system32\certutil -hashf ile FYIcenter.der SHA1 hash of file FYIcenter.der: 32 c6 b7 33 0f 30 64 41 f9 16 95 0d d5 65 a7 30 9c 50 b9 c2 CertUtil: -hashfile command completed successfully.
You can compare it with the hash value reported by the "certutil -store" command on the same certificate in the certificate store. Both values should match:
C:\fyicenter>\windows\system32\certutil -store -user TestStore 0 TestStore ================ Certificate 0 ================ Serial Number: b3f33360411e2b8045cd75cf9588a23d Issuer: CN=FYIcenter Root CA NotBefore: 7/1/2012 2:34 PM NotAfter: 12/31/2039 6:59 PM Subject: CN=FYIcenter Root CA Signature matches Public Key Root Certificate: Subject matches Issuer Template: Cert Hash(sha1): 32 c6 b7 33 0f 30 64 41 f9 16 95 0d d5 65 a7 30 9c 50 b9 c2 Key Container = JoeSoft Unique container name: 7b90a71bfc56f2582e916a51aed6df9a_e4c0ab3c-2930-4330... Provider = Microsoft Strong Cryptographic Provider Private key is NOT exportable Signature test passed CertUtil: -store command completed successfully.
2013-04-25, 11002👍, 0💬