Microsoft "certutil -hashfile..." - Certificate Hash Value

Q

How to get the hash value (or thumbprint value) of a certificate? I have the certificate stored in DER (Distinguished Encoding Rules) format.

✍: FYIcenter.com

A

If you have a certificate saved in a certificate file in DER (binary) format, you can get the SHA1 hash value of the sertificate using you can use the Microsoft "certutil -hashfile input_file" command as shown in this tutorial: 

C:\fyicenter>\windows\system32\certutil -hashf
ile FYIcenter.der
SHA1 hash of file FYIcenter.der:
32 c6 b7 33 0f 30 64 41 f9 16 95 0d d5 65 a7 30 9c 50 b9 c2
CertUtil: -hashfile command completed successfully.

You can compare it with the hash value reported by the "certutil -store" command on the same certificate in the certificate store. Both values should match: 

C:\fyicenter>\windows\system32\certutil -store -user TestStore 0
TestStore
================ Certificate 0 ================
Serial Number: b3f33360411e2b8045cd75cf9588a23d
Issuer: CN=FYIcenter Root CA
 NotBefore: 7/1/2012 2:34 PM
 NotAfter: 12/31/2039 6:59 PM
Subject: CN=FYIcenter Root CA
Signature matches Public Key
Root Certificate: Subject matches Issuer
Template:
Cert Hash(sha1): 32 c6 b7 33 0f 30 64 41 f9 16 95 0d d5 65 a7 30 9c 50 b9 c2
  Key Container = JoeSoft
  Unique container name: 7b90a71bfc56f2582e916a51aed6df9a_e4c0ab3c-2930-4330...
  Provider = Microsoft Strong Cryptographic Provider
Private key is NOT exportable
Signature test passed
CertUtil: -store command completed successfully.

2013-04-25, 11455👍, 0💬

Firefox General Google Chrome IE (Internet Explorer) Intermediate CA Java VM JDK Keytool Microsoft CertUtil Mozilla CertUtil OpenSSL Other Portecle Public Private Key Publishers Revoked Certificates Root CA Tools Tutorial What Is Windows