Extracting SHA1 Fingerprint of SSL Certificate

davmail is a Microsoft Exachange gateway. davmail can talk to the Exchange server and export mail folder over IMAP. I use davmail to read emails from the Exchange server of a client of my employer. Since this Exchange server is only accessible over HTTPS, davmail requires the SHA1 fingerprint of the server certificate in its davmail.server.certificate.hash property.

Although Firefox shows the SHA1 fingerprint in its "Certificate Viewer", it won't let me copy the text from there using the clipboard. So, here is how I used OpenSSL command line tools to get what I need.

First get the raw certificate:

echo Q |openssl s_client -connect mail.example.com:443

Copy the lines from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- to a file, say cert.pem, and generate the SHA1 fingerprint using:

openssl x509 -in cert.pem -sha1 -noout -fingerprint

Update: A simpler way to SHA1 fingerprint with the GnuTLS command line utility, gnutls-cli:

gnutls-cli -p 443 mail.example.com

Look for SHA-1 fingerprint in the output.