Is this a real certificate fingerprint?

No. The thumbprint is a string of cryptographically random bytes formatted to look exactly like a certificate fingerprint. It is not derived from any certificate and matches no real key, so use it only as placeholder test data.

What is a certificate thumbprint?

A thumbprint, or fingerprint, is the hash of the DER-encoded certificate. SHA-1 produces 20 bytes shown as 40 hex characters, and SHA-256 produces 32 bytes shown as 64 hex characters. Tools use it to identify a specific certificate compactly.

Why are SHA-1 thumbprints still around?

SHA-1 is cryptographically broken for signatures, but many tools and Windows certificate stores still display SHA-1 thumbprints as identifiers. The format persists for compatibility even though SHA-256 is preferred for any security decision.

Which display format should I use?

Colon-separated uppercase hex (AA:BB:CC) is common in OpenSSL and browsers. Space-separated bytes appear in Windows certificate dialogs. Plain hex with no separators suits config files and string comparisons. Pick whichever your tool reads.

Are the bytes truly random?

Yes. The tool uses the browser's Web Crypto random generator to produce the bytes, so each thumbprint is unpredictable and unlikely to ever repeat. They are still placeholders, not hashes of any actual data.

Fake Certificate Thumbprint Generator

Need a thumbprint-shaped string to drop into a TLS or PKI test? This generator produces correctly formatted SHA-1 and SHA-256 certificate thumbprints from cryptographically random bytes. They look real but match no certificate.

How it works

A certificate thumbprint is simply a cryptographic hash of the certificate’s DER bytes, displayed as hexadecimal. The byte length depends on the algorithm:

SHA-1    20 bytes  -> 40 hex characters
SHA-256  32 bytes  -> 64 hex characters

The tool draws the right number of random bytes from the browser’s Web Crypto generator and formats them as uppercase hex, optionally separated by colons or spaces. Because the bytes are random rather than hashed from a real certificate, the result is a safe placeholder.

Tips and notes

Match the display format to your target tool: OpenSSL and browsers favour colon-separated hex, Windows certificate dialogs show space-separated bytes, and config files usually want unseparated hex. Never treat a generated value as a trust anchor — pin only thumbprints derived from certificates you actually control.