Written by Jamie Tanna
on May 6, 2022
CC-BY-NC-SA-4.0 Apache-2.0
1 mins

Getting the fingerprint of a certificate in Go

Featured image for sharing metadata for article

If you need to get the fingerprint for a given certificate, we can use OpenSSL to do it, but we may also want to do the same in Go.

We can adapt this StackOverflow answer and this blog post to produce the following:

package main

import (
	"crypto/sha1"
	"crypto/tls"
	"fmt"
	"log"
)

func fingerprint(address string) string {
	conf := &tls.Config{
		InsecureSkipVerify: true, // as it may be self-signed
	}

	conn, err := tls.Dial("tcp", address, conf)
	if err != nil {
		log.Println("Error in Dial", err)
		return ""
	}
	defer conn.Close()
	cert := conn.ConnectionState().PeerCertificates[0]
	fingerprint := sha1.Sum(cert.Raw)
	return fmt.Sprintf("%x", fingerprint) // to make sure it's a hex string
}

func main() {
	fmt.Println(fingerprint("google.com:443"))
}

Written by Jamie Tanna on Fri, 06 May 2022 21:20:26+01:00, and last updated on Fri, 06 May 2022 20:28:17+00:00.

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.

#blogumentation #go #certificates.

Also on:

This post was filed under articles.

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.

← → Top