View SSL certificate thumbprint / fingerprint / serial number

Assume you've just installed your certificate from LetsEncrypt and you want to verify that the thumbprint you see in your browser matches the value in the certificate itself.

Note that certificate thumbprint, fingerprint and serial number are all the same thing.

From the browser, we can see that the cert is using sha1 for the thumbprint.

 

The path to the cert provided by LetsEncrypt would be something like

/etc/letsencrypt/live/[domain]/cert.pem

where domain is the domain of the website.

In that folder, run the appropriate command depending on the cert thumbprint algorithm.

SHA-256
openssl x509 -noout -fingerprint -sha256 -inform pem -in [cert.pem]

SHA-1
openssl x509 -noout -fingerprint -sha1 -inform pem -in [cert.pem]

MD5
openssl x509 -noout -fingerprint -md5 -inform pem -in [cert.pem]
 

Compare the output from openssl to the value you see in your browser. Colon and spaces do not matter. Upper and lower case also do not matter. If they are the same then you are not connecting through an SSL proxy.

Note that when comparing, www.mysite.com and mysite.com are not the same, most likely. They will have different certs and different thumbprints. Make sure you're comparing the right things.