This script prints out Base64 encoded SHA-256 hashes for leaf & intermediate SSL certificates present in a domain's chain of trust.
To use it, save the certificates.sh
file in a folder, open Terminal there and run below commands:
chmod +x certificates.sh
./certificates.sh example.org
It will output something like below:
C = US, ST = California, L = Los Angeles, O = Internet Corporation for Assigned Names and Numbers, CN = www.example.org
mM294xslEgmvDODAxWWH2DeH4/bNgPBpgZvd7SfciuA=
C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
RQeZkB42znUfsDIIFWIRiYEcKl7nHwNFwWCrnMMJbVc=
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=
my server returned two values after running the script. Which one should I use and which value it is SHA1 or SHA256?
CN = example.com
Fma2CS/XXXXXXXXXXXXXXXXXXXXXXXXXX=
C = US, O = Let's Encrypt, CN = R3
XXXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXX=