I've been looking at AWS Cognito and keep coming across interesting snippets of how to do things.
Let's say you wanted the ADFS thumbprint for the SSL certificate.
You could do this via mmc, the ADFS wizard or the IIS binding.
You could also do:
openssl s_client -showcerts -connect my-adfs:443
Note: You just use the top-level ADFS URL - don't add /adfs/ls etc.
This displays:
Loading 'screen' into random state - done
CONNECTED(000005DC)
depth=0 CN = my-adfs
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = my-adfs
verify return:1
---
Certificate chain
0 s:/CN=my-adfs
i:/CN=my-adfs
-----BEGIN CERTIFICATE-----
MIIExD...vLMng0
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=my-adfs
issuer=/CN=my-adfs
---
No client certificate CA names sent
---
SSL handshake has read 1964 bytes and written 447 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 29140000...E4D79A337F1F0BBC9
Session-ID-ctx:
Master-Key: 91E8...DE30CD
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1521150875
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
read:errno=10054
Copy / paste this section:
-----BEGIN CERTIFICATE-----
MIIExD...vLMng0
-----END CERTIFICATE-----
into a file called e.g. adfs.cer
Then:
openssl x509 -in c:\xxx\adfs.cer -fingerprint -noout
SHA1 Fingerprint=24:F8:...:9A:21:2B:35
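The same two steps in a stand-alone script (an added example, not part of the original post): pull the first PEM block out of an s_client dump and hash its DER encoding, which is exactly what the thumbprint is. The s_client text and the certificate body below are constructed (the body is just base64 of "abc", not a real certificate); only the standard library is used.

```python
import base64
import hashlib
import re
import ssl

# First PEM block in an `openssl s_client -showcerts` dump: block 0 of the
# "Certificate chain" is the server's own certificate, which is the one
# whose thumbprint the ADFS/Cognito configuration wants.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)

def first_pem_block(s_client_output: str) -> str:
    """Return the first PEM certificate in the text, header to footer."""
    m = PEM_BLOCK.search(s_client_output)
    if not m:
        raise ValueError("no PEM certificate block found")
    return m.group(0)

def fingerprint(pem: str, algo: str = "sha1") -> str:
    """Hash of the DER encoding, formatted like `openssl x509 -fingerprint`."""
    m = PEM_BLOCK.search(pem)
    if not m:
        raise ValueError("not a PEM certificate")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fetch_server_cert_pem(host: str, port: int = 443) -> str:
    """Fetch the leaf certificate as s_client shows it. No chain validation is
    done, so this also works for a self-signed ADFS certificate."""
    return ssl.get_server_certificate((host, port))

# Constructed stand-in for the s_client output: the framing lines follow the
# real format, but the body is base64("abc"), so the expected SHA-1 is the
# well-known test-vector digest of "abc".
SAMPLE_S_CLIENT_OUTPUT = """\
depth=0 CN = my-adfs
Certificate chain
 0 s:/CN=my-adfs
   i:/CN=my-adfs
-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
Server certificate
"""

if __name__ == "__main__":
    print("SHA1 Fingerprint=" + fingerprint(first_pem_block(SAMPLE_S_CLIENT_OUTPUT)))
```

For a live host, pass `fetch_server_cert_pem("my-adfs")` to `fingerprint` instead of the sample; `fingerprint(pem, "sha256")` gives the SHA-256 form where a tool asks for that.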
Enjoy!