Check fingerprint for own self signed SSL certificate

Not sure if you mean manually or automatically.

Manually -- yes -- you can view the thumbprint of the certificate that reaches your browser, e.g. in Chrome you would right-click the part of the address bar to the left of the address, choose Details, View Certificate, and click on the details tab. The thumbprint is at or near the bottom.

Automatically -- yes -- just install the certificate on your desktop computer (double click the cert and follow the instructions) and the browser will trust it from that point forward. If one day you browse to your web site and you get an SSL warning, there was a cert mismatch, and someone is hacking you.


In case you have enough trust in the other connection to the server then yes, you can calculate the fingerprint over there and compare it to the one in the client. Basically the fingerprint is just a hash over the (binary encoded) certificate.

So for instance:

openssl x509 -in yourcert.pem -outform DER -out yourcert.cer

removes any ASCII armour / PEM encoding (if present), and a simple:

sha1sum yourcert.cer

calculates the fingerprint.

Same for SHA-256 fingerprinting of course, in case your client supports that more secure hash algorithm.

Of course the general idea is that you can now trust the server at the client. The server should already trust its own certificate.