Dear list-members, we are in need to generate sha1-fingerprints for public keys contained in PKCS#10-certificate requests. Any tries we made did not lead to the correct fingerprints, as the description we got of what values to use for sha1 is vague. Since getting the right command-sequence to get correct fingerprints is very important and urgent for us, we like to ask for paid assistance.
We know the correct fingerprint for the public key in the request below would begin with "31b5". -----BEGIN CERTIFICATE REQUEST----- MIIC+zCCAeMCAQAwgbUxCzAJBgNVBAYTAkRFMUkwRwYDVQQKE0BES1RJRyBUcnVz dENlbnRlciBmdWVyIEtyYW5rZW5oYWV1c2VyIHVuZCBMZWlzdHVuZ3NlcmJyaW5n ZXIgUEtDMS0wKwYDVQQLEyRwcm9Tb2Z0IEVEVi1Mb2VzdW5nZW4gR21iSCB1bmQg Q28gS0cxFDASBgNVBAsTC0lLMTIzNDU2Nzg5MRYwFAYDVQQDEw1UYW5qYSBXZWdt YW5uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohmHF/G4P4sp+if+ iVDG5l/owRprhohSH5h8UjSbi514DVByOVKz39JGSnPdRF1pMMSqH5nDg6/EqqXw 9Rs2AvsZCZgQhy2mI5V1lhMjhrLIvBHEAxzRq+oOL2tYMqZbMKTt4ObWZH5VNK3j Ee6rgNU6kuKQJVvUISMfP0OQPDnDSq3UmXdJsJo6bEp7UqK0ZKciznTeDuG6MPnn E8sLqe3WufbvOoIphfLuCFhM1n0cppSO/aTi0z3RNFyPosPugrZj3PiNcoHRe+nA ynPMoxvDt8AVIVXvU7GlrQJ9WplH0I/mdsK6OW0j8iQwiwXaqBW7j1JWlPCbrQlv ZU1sawIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBADLzuPI26Y68iBSIL5OVHhEF W8yspny+RKDR60IeKXgpZ2JneUmlfTnoWD2AHMKFpxxmqSA4ou89oi/zbzizX4xG uUBerJbbajjcsSu7LWdiqv+2yNKZb0dIMSfTLrXqNw+xYpVvtEqJIm6HW118lHv+ Jk/LOrmq5/BM0258uUlZJElbq4py8SBUKLkrmOXWmFoIw/BMr+HYkAlN4zLp6DUe nC81If3YOjKFAj8+fhOGZ8rguw4MTFPZI/teIqiCLDER9to/JpTs2SFzWXenvHaR LBjAC9M5q2rqCrWwyq7tl++urKuve485IpzANSAQw+0N90/+ErbhZwVs/SXo/uk= -----END CERTIFICATE REQUEST----- A certificate builded upon the request and the following private key (passphrase: proSoft)... -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,78F84AF609C4C81A d20+29dQYExNm+e2/X+7dZBtflmC/j6vAxy8v+/uyWU6YC68X8rIbiX1WfaOmDGE ceW9Dhx7qeYLFxL8P0DQGr4yH9XPNXNPpTFX+VEtZcig6qtbHQWdTwEjuURB/0AE A8GQ536BGlV0K371vtA4HhhjZOVzoEET8TGmBn0q2N/10Gr9ItxSNY3xPGqwKvEQ EFGntkh6/Eklcezaoh6420IjkNgTkKJI1OTPEZr57uYZDy2R5VBo25kRgzcweQig 6ENRx4nF8rVJ8loO39ee71Kw3obGc50s+Cn5KPxqeppOYGr4eFD1LOvlMDL/euDc MAYtWKrdARtJws9EAmT4mQrs3mdr+E/nCdp4a9lEIC40R9l4vQKjQy7SPzsbgyOs Gxp4u5pvJRe+/t0Yzt+7Zx8nPO1v7YWmMFC523zZ4FDvZ6nCGfnB1ci6R5AeHxTL ovt/NVRjduK+g7Cob8KTc1L3dcFiA0knBOFKlqNHI37Ew9dlx1ifciUKspLzCddT kOAP9UBeMJWRdH8rTUKnoC11HmFzRmwkbGAi99YImKXZa2jdlTVs66ePrMySD10l anS3S1YwU7a5OsJ9sAaI38JQ0vJhOZ1OOOZdka4lQ8p9mmQgIXnixzt45nUOVLze EWaggPTolQ8i5B7Q09QkVXFMkVdILlPtts+Zw+kR4YA7uoLok/fSWsNVIP2CVHoe YcCxSLXef0kstJQZYCEt4M6qlUXZVXBpzwAxhYnYYtXDYOnRxRtm6Z7GEmg9cZQG mqk5aBKiCNCYCeT0q8/rgj1z6PE2SxNcODMvqOA8FOk4du8NLDbp86AGMTy2yBlV 1uS38IUTJ6s8zxEHWMUj46W9GMWpewUNuZuP5iX4RzrFzX8BP30/wl8aAuCAsEQZ Fc9tPkbcTRJvsNcGTQbPSAGN1rOhBZsJzmAiTcc5VrguLsG5QMyqa2rwJjYI1PIB MRwGLVukFcTXuRdmABJGv4NNmvI9upFQp0I2K2cwkV3WoTRdsD4GmhbTGDSNm2Bq brH8uxQBgdrFvFtP+u9zLO+Aovk0K1EHh6SxMGZaXkaTNiOiNOt5Okjg8qulYZCD GdZtdgtUOfqB4KLsqnBzwzR12QiVlGf2+ftGViioy97C0Mlf3eAko/PbGFqHHWmp veZHhRldXfKO53SqHAkUvZFqP4lZRoTWPgrh383LzI6uU+sCv2pmfoprYc78EO7m LMg9U3WrS/ALC27ThwqHTKAD95L9DGMqKP3tLKWQWWJfeA8myj4vKwO877IsUxi3 ktTV8mg2DH4QBurtQyifVs1DEMfiHm7cZSFrjw1V/dwvFOV20xPhHg3RD3oWr8SW GGIwrqxS82lSUotvw/3KzinjU5+a3yiSbRs4BZtOgLnRBFB9PD+JsVb673ugxtyR ncyUDeZG00ZSl4t6ASJmDmENLVG2x0qcD/cLwpRI8/ahyHBSjYp0Vk7MgVL5LcHL ngrBeCGMtRTHOEE88xbjTNxGag6QuA6FrCaU2lS+FeLMADzlQkGbDxNXgQY6uQ3i rvtGJVa4CmQ3af5fDk1SS1hAnEO8LUjJAHhXU822gy+AJR6WMwm8Dl2xyA47zz+q -----END RSA PRIVATE KEY----- ...would be -----BEGIN CERTIFICATE----- MIID6DCCAtACCQCgH0lNARPS1DANBgkqhkiG9w0BAQQFADCBtTELMAkGA1UEBhMC REUxSTBHBgNVBAoTQERLVElHIFRydXN0Q2VudGVyIGZ1ZXIgS3JhbmtlbmhhZXVz ZXIgdW5kIExlaXN0dW5nc2VyYnJpbmdlciBQS0MxLTArBgNVBAsTJHByb1NvZnQg RURWLUxvZXN1bmdlbiBHbWJIIHVuZCBDbyBLRzEUMBIGA1UECxMLSUsxMjM0NTY3 ODkxFjAUBgNVBAMTDVRhbmphIFdlZ21hbm4wHhcNMDUxMjIyMTQwNTQzWhcNMDYw MTIxMTQwNTQzWjCBtTELMAkGA1UEBhMCREUxSTBHBgNVBAoTQERLVElHIFRydXN0 Q2VudGVyIGZ1ZXIgS3JhbmtlbmhhZXVzZXIgdW5kIExlaXN0dW5nc2VyYnJpbmdl ciBQS0MxLTArBgNVBAsTJHByb1NvZnQgRURWLUxvZXN1bmdlbiBHbWJIIHVuZCBD byBLRzEUMBIGA1UECxMLSUsxMjM0NTY3ODkxFjAUBgNVBAMTDVRhbmphIFdlZ21h bm4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiGYcX8bg/iyn6J/6J UMbmX+jBGmuGiFIfmHxSNJuLnXgNUHI5UrPf0kZKc91EXWkwxKofmcODr8SqpfD1 GzYC+xkJmBCHLaYjlXWWEyOGssi8EcQDHNGr6g4va1gyplswpO3g5tZkflU0reMR 7quA1TqS4pAlW9QhIx8/Q5A8OcNKrdSZd0mwmjpsSntSorRkpyLOdN4O4bow+ecT ywup7da59u86gimF8u4IWEzWfRymlI79pOLTPdE0XI+iw+6CtmPc+I1ygdF76cDK c8yjG8O3wBUhVe9TsaWtAn1amUfQj+Z2wro5bSPyJDCLBdqoFbuPUlaU8JutCW9l TWxrAgMBAAEwDQYJKoZIhvcNAQEEBQADggEBAGew/UtWiyOXMRNgZzohjGbcTUXC MJzgyNohI33Mjhmi2Mu1e6kcd1SaFfgb6mhEeDWcnqgPYWEHxdkilvmAw7SScv9u 2y+bYybGUel4xanjNmTnjcSsbjjcKyq93OtNEonCDKVuMq/MsBdFtgjkB3bGxlRJ 56rBmcCLNVqnhDg/XcduM1ZVU0Ag+7jLqtnRtXJ/hnrfzJQiXw/DllGtvor9DK31 hszMoICeTK+hx4wwtiMEflvOG5BNjfYdVWR/Ctr3K4IOIYQV01DkJNDmHT57xvoH lgsZrbf2ox08vJQMk/tuBUsuRIyzxcKdUUAI0fombnH9LPJLUtC1kka5IMk= -----END CERTIFICATE----- The public key is -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohmHF/G4P4sp+if+iVDG 5l/owRprhohSH5h8UjSbi514DVByOVKz39JGSnPdRF1pMMSqH5nDg6/EqqXw9Rs2 AvsZCZgQhy2mI5V1lhMjhrLIvBHEAxzRq+oOL2tYMqZbMKTt4ObWZH5VNK3jEe6r gNU6kuKQJVvUISMfP0OQPDnDSq3UmXdJsJo6bEp7UqK0ZKciznTeDuG6MPnnE8sL qe3WufbvOoIphfLuCFhM1n0cppSO/aTi0z3RNFyPosPugrZj3PiNcoHRe+nAynPM oxvDt8AVIVXvU7GlrQJ9WplH0I/mdsK6OW0j8iQwiwXaqBW7j1JWlPCbrQlvZU1s awIDAQAB -----END PUBLIC KEY----- So far we tried openssl x509 -sha1 -fingerprint -in selfsigned.cer -noout openssl x509 -req -sha1 -fingerprint -in ITSG_REQ_123456789.tmp -noout -signkey ITSG_KEY_123456789.tmp openssl req -noout -modulus -in ITSG_REQ_123456789.tmp | openssl sha1 openssl.exe req -noout -pubkey -in ITSG_REQ_123456789.tmp | openssl sha1 We also know, sha1 has to be calculated on the public key without the lines -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----. But even expecting this to be a quite good explain, it did not lead to the right commands to get the correct fingerprint. Any assistance is very much appreciated. If someone want's help us, for money or for free, please send private mail to [EMAIL PROTECTED] . Thx very much in advance. Tom Horstmann ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]