Forum Discussion
Jared_Shields
Aug 11, 2021Nimbostratus
Hey !
I had the same issue with the thumbprint not matching... I was able to get it to work, but im not proud about the method though (and I havent looked into _why_ this works). I planned to come back to this to delve deeper to understand why this works, but in the meantime, here's what worked for me:
set cert_pem [ACCESS::session data get "session.ssl.cert.whole"]
set cert [b64decode [b64encode [X509::pem2der $cert_pem]]]
set cert_thumbprint_binary [sha1 $cert]
binary scan $cert_thumbprint_binary H* cert_thumbprint_hex
I have absolutely NO idea why converting the DER certificate to B64 and back again causes the correct thumbprint/sha1 to be generated.... But nevertheless, after doing the encode/decode, I'm now getting the same hex thumbprint that windows and other libraries generate.
With respect to the variable getting chopped off, I'm pretty new to BIG-IP so I can't speculate much on that... Sorry!