Fingerprint as a client ID

If you want to use a SHA1 fingerprint of the certificate that clients present to edge servers as a client ID, pay attention to the following tips and considerations:

  • To check the SHA1 value of a fingerprint in a client certificate, you can use the following command: openssl x509 -in <cert_file.crt> -noout -fingerprint.

  • When extracting a fingerprint value from a client certificate, edge servers convert the fingerprint value so that it doesn't include a delimiting colon.

  • Important: To use a SHA1 fingerprint as a client ID:

    • Convert the fingerprint to lowercase.
    • Remove the colons between the digits.

Let's see an example:

SHA1 fingerprint as a client ID in the Mutual Authentication behavior of the IoT Edge Connect configuration

A piece of a client certificate showing a SHA1 fingerprint

SHA1 Fingerprint=2D:F4:80:50:04:83:8A:C5:03:D5:69:89:BC:5F:1C:4A:CA:69:D6:25

Identity topic filter with a SHA1 fingerprint as a client ID

In this example, this SHA1 fingerprint value in a client certificate: 2D:F4:80:50:04:83:8A:C5:03:D5:69:89:BC:5F:1C:4A:CA:69:D6:25 matches this client ID used to access the identity topic: diagnostics/2df4805004838ac503d56989bc5f1c4aca69d625. See Topic filters.
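The conversion described above can be scripted so that the client ID is never retyped by hand. This is an added example, not code from the product documentation: the function names are hypothetical, and `-sha1` is passed to openssl only to pin the digest explicitly. It rejects anything that is not a 40-digit SHA1 value, for example a SHA256 fingerprint pasted by mistake.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of any product.

# Turn an "openssl x509 -noout -fingerprint" output line (or a bare
# fingerprint) into the client ID form: lowercase hex, no colons.
fingerprint_to_client_id() {
    fp=${1#*=}    # drop a leading "SHA1 Fingerprint=" label if present
    id=$(printf '%s' "$fp" | tr -d ': \r\n' | tr 'A-F' 'a-f')
    case $id in
        *[!0-9a-f]*) echo "not a hex fingerprint: $1" >&2; return 1 ;;
    esac
    # A SHA1 digest is 20 bytes, so exactly 40 hex digits must remain.
    if [ "${#id}" -ne 40 ]; then
        echo "expected 40 hex digits (SHA1), got ${#id}" >&2
        return 1
    fi
    printf '%s\n' "$id"
}

# Succeeds only if the configured client ID is character-for-character
# the converted fingerprint; a stray uppercase digit or colon fails.
client_id_matches() {
    want=$(fingerprint_to_client_id "$1") || return 2
    [ "$2" = "$want" ]
}

# Read the fingerprint straight from a certificate file (needs openssl).
cert_client_id() {
    line=$(openssl x509 -in "$1" -noout -fingerprint -sha1) || return 1
    fingerprint_to_client_id "$line"
}

# Demo with the fingerprint shown on this page.
fingerprint_to_client_id \
    'SHA1 Fingerprint=2D:F4:80:50:04:83:8A:C5:03:D5:69:89:BC:5F:1C:4A:CA:69:D6:25'
```

Running `client_id_matches` against the value stored in the configuration before deployment catches a client ID that still contains colons or uppercase digits.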