Obtain the SHA-1 Hash of a Trusted Root CA Certificate

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

Use this procedure to obtain the Secure Hash Algorithm (SHA-1) hash of a trusted root certification authority (CA) from a certificate that is installed on the local computer. In some circumstances, such as when deploying Group Policy, it is necessary to designate a certificate by using the SHA-1 hash of the certificate.

When using Group Policy, you can designate one or more trusted root CA certificates that clients must use in order to authenticate the NPS server during the process of mutual authentication with EAP or PEAP. To designate a trusted root CA certificate that clients must use to validate the server certificate, you can enter the SHA-1 hash of the certificate.

This procedure demonstrates how to obtain the SHA-1 hash of a trusted root CA certificate by using the Certificates Microsoft Management Console (MMC) snap-in.

Administrative credentials

To complete this procedure, you must be a member of the Users group on the local computer.

To obtain the SHA-1 hash of a trusted root CA certificate

  1. Click Start, click Run, type mmc, and then click OK. The Add or Remove Snap-ins dialog box opens.

  2. In Add or Remove Snap-ins, in Available snap-ins, double-click Certificates. The Certificates snap-in wizard opens. Click Computer account, and then click Next.

  3. In Select Computer, ensure that Local computer (the computer this console is running on) is selected, click Finish, and then click OK.

  4. In the left pane, double-click Certificates (Local Computer), and then double-click the Trusted Root Certification Authorities folder.

  5. The Certificates folder is a subfolder of the Trusted Root Certification Authorities folder. Click the Certificates folder.

  6. In the details pane, browse to the certificate for your trusted root CA. Double-click the certificate. The Certificate dialog box opens.

  7. In the Certificate dialog box, click the Details tab.

  8. In the list of fields, scroll to and select Thumbprint.

  9. In the lower pane, the hexadecimal string that is the SHA-1 hash of your certificate is displayed. Select the SHA-1 hash, and then press the Windows keyboard shortcut for the Copy command (CTRL+C) to copy the hash to the Windows clipboard.

  10. Open the location to which you want to paste the SHA-1 hash, correctly locate the cursor, and then press the Windows keyboard shortcut for the Paste command (CTRL+V).