https://community.checkpoint.com/t5/Scripts/rfc1751-py/m-p/194975#M1130 <P>rfc1751.py: &nbsp;Python script to convert certificate fingerprint hash to ASCII words. &nbsp;Useful for distributing a given certificate fingerprint to VPN clients and SmartConsole users to avoid fingerprint warnings.</P> <P>&nbsp;</P> <P>Examples:</P> <P>./rfc1751.py&nbsp;<SPAN>4607BC6AD16546324F12CD2D6EB43581</SPAN></P> <LI-CODE lang="markup">ASCII fingerprint string: WOW SPA HIM JOKE BEAK HAT AUNT HELD ALOE SKAT USE MUSH</LI-CODE> <P>&nbsp;</P> <P><SPAN>./rfc1751.py AB:3A:04:87:F0:83:07:DC:B6:22:45:0C:CC:8E:5D:B9:3F:FE:C3:4C</SPAN></P> <LI-CODE lang="markup">ASCII fingerprint string: LAUD RISE KID SOAK OUR TORE MAIN EVA US HOBO SWAG SING</LI-CODE> <P>&nbsp;</P> <P>With inline "openssl s_client":</P> <LI-CODE lang="markup">./rfc1751.py $(openssl s_client -connect 192.0.2.1:443 -showcerts &lt;/dev/null 2&gt;/dev/null |sed -n -e '/0 s:/,/END CERT/p'|openssl x509 -noout -fingerprint -sha1|awk -F= '{print $2}')</LI-CODE> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2023-10-13 at 9.30.07 AM.png" style="width: 600px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22809i6A174D9AB08BA294/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2023-10-13 at 9.30.07 AM.png" alt="Screen Shot 2023-10-13 at 9.30.07 AM.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Notes:</P> <P><SPAN>If you are using the Windows certificate details view, the Thumbprint value is 40-bytes, long not 32, so that has to be truncated (which the script does). &nbsp;Feel free to paste the whole 40-byte string as the argument. &nbsp;If you are using openssl x509 -fingerprint, then use the -sha1 argument to get the SHA1 hash (may be default, but a newer openssl may change that some day).</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <LI-CODE lang="python">#!/usr/bin/python3 import sys, os import binascii from Crypto.Util import RFC1751 def main(argv=None): if argv is None: argv = sys.argv if not (len(argv)): print("Fingerprint hex string missing\n") print("Usage: {} &lt;string&gt;\n".format(__file__)) print("String may be colon-separated hex (00:01:aa:bb...) or without colons (0001abcd...)\n") exit(1) fingerprint_arg=argv[0] fingerprint_str=fingerprint_arg.replace(':','') if (len(fingerprint_str) == 40): fingerprint_hex=fingerprint_str[:32] elif (len(fingerprint_str) == 32): fingerprint_hex=fingerprint_str else: print("Usage: {} &lt;string&gt;\n".format(__file__)) exit(1) fingerprint_txt=RFC1751.key_to_english(binascii.unhexlify(fingerprint_hex[:32])) print("\nASCII fingerprint string:\n") print(fingerprint_txt) print("\n") if __name__ == "__main__": main(sys.argv[1:]) </LI-CODE> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 13 Oct 2023 13:30:36 GMT Duane_Toler 2023-10-13T13:30:36Z https://community.checkpoint.com/t5/Scripts/rfc1751-py/m-p/194975#M1130 <P>rfc1751.py: &nbsp;Python script to convert certificate fingerprint hash to ASCII words. &nbsp;Useful for distributing a given certificate fingerprint to VPN clients and SmartConsole users to avoid fingerprint warnings.</P> <P>&nbsp;</P> <P>Examples:</P> <P>./rfc1751.py&nbsp;<SPAN>4607BC6AD16546324F12CD2D6EB43581</SPAN></P> <LI-CODE lang="markup">ASCII fingerprint string: WOW SPA HIM JOKE BEAK HAT AUNT HELD ALOE SKAT USE MUSH</LI-CODE> <P>&nbsp;</P> <P><SPAN>./rfc1751.py AB:3A:04:87:F0:83:07:DC:B6:22:45:0C:CC:8E:5D:B9:3F:FE:C3:4C</SPAN></P> <LI-CODE lang="markup">ASCII fingerprint string: LAUD RISE KID SOAK OUR TORE MAIN EVA US HOBO SWAG SING</LI-CODE> <P>&nbsp;</P> <P>With inline "openssl s_client":</P> <LI-CODE lang="markup">./rfc1751.py $(openssl s_client -connect 192.0.2.1:443 -showcerts &lt;/dev/null 2&gt;/dev/null |sed -n -e '/0 s:/,/END CERT/p'|openssl x509 -noout -fingerprint -sha1|awk -F= '{print $2}')</LI-CODE> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2023-10-13 at 9.30.07 AM.png" style="width: 600px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22809i6A174D9AB08BA294/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2023-10-13 at 9.30.07 AM.png" alt="Screen Shot 2023-10-13 at 9.30.07 AM.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Notes:</P> <P><SPAN>If you are using the Windows certificate details view, the Thumbprint value is 40-bytes, long not 32, so that has to be truncated (which the script does). &nbsp;Feel free to paste the whole 40-byte string as the argument. &nbsp;If you are using openssl x509 -fingerprint, then use the -sha1 argument to get the SHA1 hash (may be default, but a newer openssl may change that some day).</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <LI-CODE lang="python">#!/usr/bin/python3 import sys, os import binascii from Crypto.Util import RFC1751 def main(argv=None): if argv is None: argv = sys.argv if not (len(argv)): print("Fingerprint hex string missing\n") print("Usage: {} &lt;string&gt;\n".format(__file__)) print("String may be colon-separated hex (00:01:aa:bb...) or without colons (0001abcd...)\n") exit(1) fingerprint_arg=argv[0] fingerprint_str=fingerprint_arg.replace(':','') if (len(fingerprint_str) == 40): fingerprint_hex=fingerprint_str[:32] elif (len(fingerprint_str) == 32): fingerprint_hex=fingerprint_str else: print("Usage: {} &lt;string&gt;\n".format(__file__)) exit(1) fingerprint_txt=RFC1751.key_to_english(binascii.unhexlify(fingerprint_hex[:32])) print("\nASCII fingerprint string:\n") print(fingerprint_txt) print("\n") if __name__ == "__main__": main(sys.argv[1:]) </LI-CODE> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 13 Oct 2023 13:30:36 GMT https://community.checkpoint.com/t5/Scripts/rfc1751-py/m-p/194975#M1130 Duane_Toler 2023-10-13T13:30:36Z