Get certificate fingerprint of HTTPS server from command line?

Question

Recently Mercurial has added certificate validation when connecting to HTTPS servers. I\'m trying to clone the wiki repository for a googlecode project at https://wiki

Answer 1

Background

Since Mercurial 3.9, Mercurial requires the more secure SHA-256 fingerprint, as opposed to SHA-1 from prior versions. Jeremiah's answer explains how to compute the SHA-1 fingerprint. As pointed out in J.Money's comment, one must now add the -sha256 flag to get the correct fingerprint.

The new command:

openssl s_client -connect : < /dev/null 2>/dev/null | openssl x509 -fingerprint -sha256 -noout -in /dev/stdin

where : should be substituted as appropriate. (To answer the original question, one would use wiki.pydlnadms.googlecode.com:443, as noted by yanokwa.) You must omit https:// from the URL, otherwise you will get the error Expecting: TRUSTED CERTIFICATE.

One can then add the resulting SHA-256 fingerprint to Mercurial's global settings file (~/.hgrc).