- changed status to closed
Small documentation issue for certificate check
Issue #498
closed
Under "Connection Testing", "Certification Checksum", the following formula is listed to get the fingerprint:
openssl x509 -fingerprint -sha1 -in server.crt | head -1 | cut -f2 -d'='
However, that yields a fingerprint such like this:
95:D3:3D:BF:1F:87:66:81:7C:3D:64:B5:6C:9D:0E:BF:B6:6C:41:6F
which won't work in the actual check (at least, it doesn't for me). This formula does work for me:
openssl x509 -fingerprint -sha1 -in server.crt | head -1 | cut -f2 -d'=' | sed s/://g
95D33DBF1F8766817C3D64B56C9D0EBFB66C416F
Comments (1)
-
repo owner - Log in to comment
Thank you, but it is actually not necessary to strip
:
in the hash as Monit does it internally. I've modified fingerprint example in the manual so the checksum example match the string returned from the openssl command.