by schoen
1096 days ago
The list of all affected SHA256 fingerprints is in https://bug1838667.bmoattachments.org/attachment.cgi?id=9340...

You can get the SHA256 fingerprint for your certificate by running

    openssl x509 -in mycert.pem -sha256 -fingerprint -noout

If you don't like the format,

    openssl x509 -in mycert.pem -sha256 -fingerprint -noout | cut -d= -f2 | tr -d : | tr A-F a-f

will match the format in the list of affected certificates more closely.

If you need to do this against a web server and don't already have a copy of the certificate locally, something like

    echo | openssl s_client -connect example.com:443 -servername example.com 2>/dev/null <&- | openssl x509 -sha256 -fingerprint -noout | cut -d= -f2 | tr -d : | tr A-F a-f

(This example outputs the actual SHA256 fingerprint for the real domain example.com, which is not affected.)
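Building on the commands in the comment above, an added example (not part of schoen's comment) that checks several local certificates against a saved copy of the list. The file name `affected.txt`, its one-fingerprint-per-line layout, and all function names are assumptions.

```shell
#!/bin/sh
# Added example. Assumption: affected.txt is a locally saved copy of the
# affected-fingerprint list, one SHA256 fingerprint per line.

# Reduce openssl's "sha256 Fingerprint=AB:CD:..." line to bare lowercase hex.
normalize_fp() {
    cut -d= -f2 | tr -d ': \r' | tr A-F a-f
}

# Print the normalized SHA256 fingerprint of a local PEM certificate.
# The pipeline's exit status is tr's, so an openssl failure shows up only as
# empty output; is_affected rejects that instead of trusting it.
cert_fp() {
    openssl x509 -in "$1" -sha256 -fingerprint -noout 2>/dev/null | normalize_fp
}

# is_affected FINGERPRINT LISTFILE
# Returns 0 if listed, 1 if not listed, 2 if FINGERPRINT is not 64 hex digits.
is_affected() {
    case $1 in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#1}" -eq 64 ] || return 2
    # Normalize the list as well, then require an exact whole-line match.
    tr -d ': \r' < "$2" | tr A-F a-f | grep -qxF -- "$1"
}

# check_certs LISTFILE CERT...
# Prints one verdict per certificate; returns non-zero if any is affected
# or could not be fingerprinted.
check_certs() {
    list=$1; shift
    overall=0
    for cert in "$@"; do
        fp=$(cert_fp "$cert")
        rc=0
        is_affected "$fp" "$list" || rc=$?
        case $rc in
            0) echo "AFFECTED  $cert  $fp"; overall=1 ;;
            1) echo "ok        $cert  $fp" ;;
            *) echo "ERROR     $cert  (no fingerprint; unreadable certificate?)"; overall=1 ;;
        esac
    done
    return "$overall"
}

# Usage: check_certs affected.txt *.pem
```

An empty or malformed fingerprint is reported as an error rather than as "ok", so a certificate that openssl could not parse is never silently counted as unaffected.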