Thursday, January 14, 2010

How do you thumbprint a certificate?

You often use thumbprints to find certificates, but what is the thumbprint? The thumbprint is the hash of the certificate. In the case of the CLR’s X509Certificate2 class, the thumbprint is the SHA1 hash of the certificate's raw bytes (its RawData property). If you want to compute the thumbprint of a certificate yourself, it’s pretty simple:

 
function get-CertThumbprint ($cert)
{
    # The thumbprint is the SHA1 hash of the certificate's raw bytes
    $sha = new-object System.Security.Cryptography.SHA1CNG
    $hashOfRawBytesOfCertificate = $sha.ComputeHash($cert.RawData)
    # X2 keeps the leading zero of each byte, so the result is always 40 hex characters
    ( $hashOfRawBytesOfCertificate | % {"{0:X2}" -f $_} ) -join ""
}


PS cert:\LocaLMachine\My> dir


Directory: Microsoft.PowerShell.Security\Certificate::LocaLMachine\My


Thumbprint Subject
---------- -------
3BCA8A25A071300BD177E4C73135E54FA830039A CN=STS
08766D8B3DCDE5D633ED06AB1CB4DF4CCAECA533 CN=localhost

PS cert:\LocalMachine\My> $cert = get-item 08766D8B3DCDE5D633ED06AB1CB4DF4CCAECA533
PS cert:\LocalMachine\My> $cert.Thumbprint
08766D8B3DCDE5D633ED06AB1CB4DF4CCAECA533
PS cert:\LocalMachine\My> get-CertThumbprint $cert
08766D8B3DCDE5D633ED06AB1CB4DF4CCAECA533


If you’re wondering why you don’t use the subject name to identify a certificate, it’s because you can have lots of certificates with the same subject name.
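
Both points above, as an added example that is not code from the original post: two throwaway in-memory certificates share a subject name but only one matches a given thumbprint, and a hand-copied thumbprint is cleaned up before it is compared. The helper names New-TestCert, Get-CertHash and Test-CertThumbprint are hypothetical, and the script assumes CertificateRequest is available (.NET Framework 4.7.2+ or PowerShell 7).

```powershell
# Added example: certificates are constructed in memory, no certificate store is touched.
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function New-TestCert ([string]$Subject) {
    # Hypothetical helper: self-signed certificate valid for one day.
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new($Subject, $rsa, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))
}

function Get-CertHash ($Cert, [string]$Algorithm = 'SHA1') {
    # Hash the bytes in RawData; BitConverter keeps the leading zero of every byte.
    $hasher = if ($Algorithm -eq 'SHA256') { [SHA256]::Create() } else { [SHA1]::Create() }
    try { [BitConverter]::ToString($hasher.ComputeHash($Cert.RawData)) -replace '-', '' }
    finally { $hasher.Dispose() }
}

function Test-CertThumbprint ($Cert, [string]$Expected) {
    # Strip spaces and any non-hex characters picked up when the value was copied by hand.
    $clean = ($Expected -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    ($clean.Length -eq 40) -and ($clean -eq (Get-CertHash $Cert))
}

# Two constructed certificates with the same subject name.
$a = New-TestCert 'CN=localhost'
$b = New-TestCert 'CN=localhost'
$certs = [X509Certificate2Collection]::new()
[void]$certs.Add($a); [void]$certs.Add($b)

# The subject name matches both; the thumbprint matches exactly one.
$bySubject = $certs.Find([X509FindType]::FindBySubjectDistinguishedName, 'CN=localhost', $false)
$byThumb   = $certs.Find([X509FindType]::FindByThumbprint, (Get-CertHash $a), $false)
"By subject: {0}  By thumbprint: {1}" -f $bySubject.Count, $byThumb.Count

# The computed value agrees with the framework's Thumbprint property.
"Matches .Thumbprint: {0}" -f ((Get-CertHash $a) -eq $a.Thumbprint)

# A hand-copied value with spaces and lower case still verifies after cleanup.
$pasted = ($a.Thumbprint.ToLower() -replace '(..)', '$1 ').Trim()
"Pasted value verifies: {0}" -f (Test-CertThumbprint $a $pasted)
"Other cert verifies:   {0}" -f (Test-CertThumbprint $b $pasted)
```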
