hi- in TLS_README it's instructed to use the following command to compute an sha-1 public key fingerprint:
>openssl x509 -in foo.example.com-cert.pem -noout -pubkey | openssl pkey -pubin >-outform DER | openssl dgst -sha1 -c (stdin)= 7e:8b:82:2e:c8:9a:bc:f9:ae:1a:de:e6:9a:6c:b3:3b:b3:34:21:7a that didn't work for me, but: >openssl x509 -noout -in foo.example.com-cert.pem -fingerprint SHA1 Fingerprint=A2:76:67:9B:B1:B8:4A:2F:DF:10:12:94:67:62:BE:47:6F:08:0F:12 did work. as seen, they both output valid digests, but the values differ. i wondered if i might be doing something wrong when using the first command [and how i could troubleshoot]. i'm using postfix 2.11.3 and openssl 1.0.1f on ubuntu 15.04. i also experience this with postfix 2.11.0 and openssl 1.0.1f on ubuntu 14.04 -ben