You often use thumbprints to find certificates, but what is the thumbprint? The thumbprint is the hash of the certificate. In the case of the CLR’s X509Certificate2 class, the thumbprint is the SHA1 hash of the certificate’s raw bytes (its RawData property). If you want to compute the thumbprint of a certificate yourself, it’s pretty simple:

function get-CertThumbprint ($cert)
{
    # SHA1 over the raw bytes of the certificate
    $sha = new-object System.Security.Cryptography.SHA1CNG
    $hashOfRawBytesOfCertificate = $sha.ComputeHash($cert.RawData)
    # X2 pads every byte to two hex digits, so leading zeros are kept
    ( $hashOfRawBytesOfCertificate | % {"{0:X2}" -f $_} ) -join ""
}

PS cert:\LocaLMachine\My> dir

    Directory: Microsoft.PowerShell.Security\Certificate::LocaLMachine\My

Thumbprint                                Subject
----------                                -------
3BCA8A25A071300BD177E4C73135E54FA830039A  CN=STS
08766D8B3DCDE5D633ED06AB1CB4DF4CCAECA533  CN=localhost

PS cert:\LocalMachine\My> $cert = get-item 08766D8B3DCDE5D633ED06AB1CB4DF4CCAECA533
PS cert:\LocalMachine\My> $cert.Thumbprint
08766D8B3DCDE5D633ED06AB1CB4DF4CCAECA533
PS cert:\LocalMachine\My> get-CertThumbprint $cert
08766D8B3DCDE5D633ED06AB1CB4DF4CCAECA533

If you’re wondering why you don’t use the subject name to identify a certificate, it’s because you can have lots of certificates with the same subject name.
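
The following is an added example, not code from the original post: it computes a fingerprint from RawData with zero-padded hex and normalizes a thumbprint supplied as text before comparing it. The names Get-CertFingerprint and ConvertTo-NormalizedThumbprint and the CN=example.test certificate are constructed for illustration; the in-memory certificate assumes .NET Framework 4.7.2 or later, or PowerShell 7.

```powershell
function Get-CertFingerprint {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert,
        [ValidateSet('SHA1', 'SHA256')] [string] $Algorithm = 'SHA1'
    )
    $hasher = if ($Algorithm -eq 'SHA256') {
        [System.Security.Cryptography.SHA256]::Create()
    } else {
        [System.Security.Cryptography.SHA1]::Create()
    }
    try { $digest = $hasher.ComputeHash($Cert.RawData) } finally { $hasher.Dispose() }
    # X2 pads each byte to two hex digits; plain X would drop leading zeros.
    ($digest | ForEach-Object { '{0:X2}' -f $_ }) -join ''
}

function ConvertTo-NormalizedThumbprint {
    param([Parameter(Mandatory)] [string] $Text)
    # Drop everything that is not a hex digit (spaces, colons, invisible
    # characters picked up when copying from a dialog), then uppercase.
    $hex = ($Text -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hex.Length -ne 40) {
        throw "Expected 40 hex digits for a SHA1 thumbprint, got $($hex.Length)."
    }
    $hex
}

# Constructed sample: a throwaway self-signed certificate held only in memory.
$rsa  = [System.Security.Cryptography.RSA]::Create(2048)
$req  = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
            'CN=example.test', $rsa,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$now  = [DateTimeOffset]::UtcNow
$cert = $req.CreateSelfSigned($now, $now.AddDays(1))

$computed = Get-CertFingerprint $cert
# Constructed input: the same thumbprint as lowercase, space-separated byte pairs.
$pasted   = ($computed -replace '(..)', '$1 ').ToLower()
"Matches .Thumbprint : $($computed -eq $cert.Thumbprint)"
"Matches pasted text : $((ConvertTo-NormalizedThumbprint $pasted) -eq $computed)"
"SHA256 fingerprint  : $(Get-CertFingerprint $cert -Algorithm SHA256)"
```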