A certificate thumbprint is an hexadecimal string that uniquely identifies a certificate. A thumbprint is calculated from the content of the certificate using a thumbprint algorithm. CES accepts Secure Hash Algorithm 1 (SHA-1) thumbprints in the 40-digit hexadecimal string form without spaces.
When you need to specify claims found in a certificate for client or server authentication, you may need to submit a Thumbprint claim.
– Typical example is when installing Windows Admin Center where the Thumbprint is required.
Note: The SSL Thumbprint can also be retrieved using PowerShell commands. See https://techdirectarchive.com/2020/01/05/how-to-retrieve-an-ssl-thumbprint-in-windows-using-powershell/
Fire up an MMC Console as shown in the image below
This will open up the Console Root window as shown below.
Next, click on file,
– Click on Add/Remove Snap-ins as shown in the image below.
In the Console Root window’s left pane, click Certificates (Local Computer).
– Click on Add and
– Click on ok.
This will open up the Certificate Snap-in Window.
- Click the Personal folder to expand it. - Click the Certificates folder to expand it. In the list of certificates, note the Intended Purposes heading. Find a certificate that lists Client Authentication as an intended purpose. - Double-click the certificate. - In the Certificate dialog box, click the Details tab. - Scroll through the list of fields and click Thumbprint. - Copy the hexadecimal characters from the box.
If this thumbprint is used in code for the X509 FindType, remove the spaces between the hexadecimal numbers. For example, the thumbprint “a9 09 50 xxxxxxxxxxxxx2 77 a3 2a 7b” should be specified as a90950xxxxxxxa32a7b” in code. In our case this is fine.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.