Ask HN: How the hash value get calculated from AWS CA? (amazontrust.com)
openssl x509 -in AmazonRootCA1.pem -noout -fingerprint -sha256
Calculating this is generally easy from a typical WebPKI library; less straight-forward from the command line:
% openssl x509 -pubkey -noout < ./AmazonRootCA1.pem | grep -v '^-' | base64 -d | shasum -a256
fbe3018031f9586bcbf41727e417b7d1c45c2f47f93be372a17b96b50757d5a2 -
(Note: That matches the AWS hash.)

The hash of the public key is often used as a stable identifier for entities. Hashes of certificates will, of course, change w/ the validity dates and serial number.
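
Added example, not part of the thread: a standard-library Python sketch of the two hashes discussed above, the whole-certificate fingerprint and the SubjectPublicKeyInfo (public key) hash, showing that only the second survives re-issuance with the same key. All function names are hypothetical, and `CERT_A`/`CERT_B` are constructed certificate-shaped DER blobs (empty names, placeholder signature), not real certificates.

```python
import base64, hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_der(cert_der):
    """Slice the complete SubjectPublicKeyInfo element out of a DER certificate."""
    _, start, _ = read_tlv(cert_der, 0)        # Certificate ::= SEQUENCE
    _, pos, _ = read_tlv(cert_der, start)      # tbsCertificate ::= SEQUENCE
    tag, _, after = read_tlv(cert_der, pos)
    if tag == 0xA0:                            # optional [0] version
        pos = after
    for _field in range(5):                    # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    _, _, end = read_tlv(cert_der, pos)
    return cert_der[pos:end]

def pem_to_der(pem):
    """Same job as `grep -v '^-' | base64 -d` in the shell pipeline."""
    return base64.b64decode("".join(l for l in pem.splitlines() if not l.startswith("-")))

def cert_fingerprint(cert_der):                # what `openssl x509 -fingerprint -sha256` hashes
    return hashlib.sha256(cert_der).hexdigest()
def spki_hash(cert_der):                       # what the `-pubkey ... | shasum -a256` pipeline hashes
    return hashlib.sha256(spki_der(cert_der)).hexdigest()

# --- constructed test data: certificate-shaped DER, not real or valid certificates ---
def tlv(tag, value):
    n, size = len(value), (len(value).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")) + value

def fake_cert(serial, not_after, spki):
    validity = tlv(0x30, tlv(0x17, b"250101000000Z") + tlv(0x17, not_after))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, serial) + tlv(0x30, b"")
              + tlv(0x30, b"") + validity + tlv(0x30, b"") + spki)
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

SPKI = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + bytes(range(256))))
CERT_A = fake_cert(b"\x01", b"260101000000Z", SPKI)   # original issuance
CERT_B = fake_cert(b"\x02", b"350101000000Z", SPKI)   # re-issued, same key
if __name__ == "__main__":
    print(cert_fingerprint(CERT_A) != cert_fingerprint(CERT_B), spki_hash(CERT_A) == spki_hash(CERT_B))
```

To run it against a real PEM file, pass the file's text through `pem_to_der` and then to `spki_hash`.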