On 19 Apr 2011, at 10:55 AM, Matt C wrote: > Should I be hashing the entire contents of the PEM file, only part, or is > there additional data I need to add?
The fingerprint that openssl computes is the hash of the entire certificate in DER format. You should be able to recover the DER-formatted certificate by base64-decoding the block of text between the BEGIN/END lines in the PEM-formatted certifcate. There are other hashes of various parts of the certificate, used for other things, but if you're trying to duplicate what openssl -fingerprint is doing, that's how. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org