Applies to:
All versions of Venafi Trust Protection Platform with TrustAuthority and TrustForce
Summary:
The Aperture certificate thumbprint for the Venafi Operational Certificate (VOC) is calculated as a SHA256 digest of the certificate data. This article will demonstrate how to generate the Aperture server thumbprint from the TPP VOC certificate.
- Download the VOC certificate from the TPP server in DER format to a Windows server.
- Use the Windows certutil command to generate the SHA256 hash of the certificate file:
C:\Temp>certutil -hashfile VenafiServer.venafi.local.der SHA256
SHA256 hash of file VenafiServer.venafi.local.der:
9a 4d 68 f9 0e a5 46 d0 72 4f 69 9e 57 ca 00 e7 38 4f 05 d5 a3 a2 79 d5 6d d8 0d b7 ae d0 fb a0
CertUtil: -hashfile command completed successfully.
- Double-check the SHA256 hash against the certificate thumbprint in Aperture to ensure they match.
More Information:
If you need to verify those digests on systems with OpenSSL installed, you can use the following commands:
The hash is calculated over the binary certificate data; if your certificate is in the PEM '-----BEGIN CERTIFICATE-----' format, convert your certificate to binary format first using this command:
openssl x509 -in [PEM cert] -out [binary cert output file] -outform der
Then obtain the SHA256 digest (Aperture certificate thumbprint):
openssl dgst -sha256 <name_of_VOC_cert_in_DER_format>
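The same check as a script, as an added example that is not Venafi's code: it hashes the DER bytes (decoding a PEM file first) and compares the result with a thumbprint pasted in any common layout (spaces as in certutil, colons, upper or lower case). All function names are hypothetical and the sample bytes are constructed placeholders, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

# Constructed placeholder bytes standing in for a DER certificate file.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")


def to_der(data: bytes) -> bytes:
    """Return DER bytes, decoding the first PEM certificate block if present."""
    match = PEM_BLOCK.search(data)
    if match is None:
        return data  # no PEM armor: treat the input as binary DER already
    return base64.b64decode(b"".join(match.group(1).split()), validate=True)


def thumbprint(data: bytes) -> str:
    """SHA256 over the DER encoding, as 64 lowercase hex digits."""
    return hashlib.sha256(to_der(data)).hexdigest()


def raw_file_digest(data: bytes) -> str:
    """SHA256 of the file as stored; wrong for PEM input, shown for contrast."""
    return hashlib.sha256(data).hexdigest()


def normalize(displayed: str) -> str:
    """Drop spaces and colons and fold case so differing layouts compare equal."""
    hex_only = re.sub(r"[\s:]", "", displayed).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hex_only):
        raise ValueError("expected 64 hex digits for a SHA256 thumbprint")
    return hex_only


def matches(cert_data: bytes, displayed: str) -> bool:
    """True when the certificate's thumbprint equals the displayed value."""
    return hmac.compare_digest(thumbprint(cert_data), normalize(displayed))


if __name__ == "__main__":
    digest = thumbprint(SAMPLE_DER)
    spaced = " ".join(digest[i:i + 2] for i in range(0, 64, 2))  # certutil layout
    print("DER thumbprint    :", spaced)
    print("PEM input matches :", matches(SAMPLE_PEM, spaced.upper()))
    print("hash of PEM text  :", raw_file_digest(SAMPLE_PEM), "(differs)")
```

Hashing the PEM file directly, as `raw_file_digest` does, produces a digest that will not match the thumbprint shown in Aperture, which is why the DER conversion step matters.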