Certificate ThumbprintsΒΆ
In some areas the product needs to communicate with an external service. This should be done over HTTPS and secured using a certificate. If the root certificate is not installed on the server or container then the services will not trust the external service and will fail to communicate. To support communicating with these external services a certificate thumbprint can be provided. Example parameters that may need providing:
- The organisation parameter OpenIdAuthorityThumbprint
- The broadcast parameters parameter url_cert_thumbprint and auth_token_url_cert_thumbprint
The thumbprint can be retrieved from the certificate details and provided in the relevant parameter. E.g.: '4AEE27305C890DAAE2A5D89E7DED83A0569367B8'. Often the certificate details can be viewed by visiting the website in a browser and clicking on the padlock.
Note
Some tools may use the terminology 'fingerprint' rather than 'thumbprint'.
Multiple thumbprints can be specified by separating them with ';'. This can be used to update certificates without downtime. E.g.: '4AEE27305C890DAAE2A5D89E7DED83A0569367B8;B2D8F4371C35DA6F6B1E30305157DCAA12677ECC'
By default the thumbprint is expected to be a SHA-1 hash. The thumbprint can instead be supplied as a SHA-256 hash by specify the hashing algorithm. E.g.: 'SHA256=133CC57EC34EC118D87326719CDD93DD44EC2CA88E7149B6EC9B2691773F2181'
Note
The thumbprint parameters can be also be used for certificate pinning.