3 files changed, 17 insertions, 0 deletions

diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index b53caf493..fb16f5b97 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -348,6 +348,11 @@ class BaseCertObject(Object):
             label=_('Fingerprint (SHA1)'),
             flags={'no_create', 'no_update', 'no_search'},
         ),
+        Str(
+            'sha256_fingerprint',
+            label=_('Fingerprint (SHA256)'),
+            flags={'no_create', 'no_update', 'no_search'},
+        ),
         Int(
             'serial_number',
             label=_('Serial number'),
@@ -388,6 +393,8 @@ class BaseCertObject(Object):
             if full:
                 obj['sha1_fingerprint'] = x509.to_hex_with_colons(
                     cert.fingerprint(hashes.SHA1()))
+                obj['sha256_fingerprint'] = x509.to_hex_with_colons(
+                    cert.fingerprint(hashes.SHA256()))
 
             general_names = x509.process_othernames(
                     x509.get_san_general_names(cert))
diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py
index 7ceec8eb4..dcadd54a1 100644
--- a/ipaserver/plugins/host.py
+++ b/ipaserver/plugins/host.py
@@ -514,6 +514,10 @@ class host(LDAPObject):
             label=_('Fingerprint (SHA1)'),
             flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
         ),
+        Str('sha256_fingerprint',
+            label=_('Fingerprint (SHA256)'),
+            flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
+        ),
         Str('revocation_reason?',
             label=_('Revocation reason'),
             flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
diff --git a/ipaserver/plugins/service.py b/ipaserver/plugins/service.py
index 3349889e0..03271d685 100644
--- a/ipaserver/plugins/service.py
+++ b/ipaserver/plugins/service.py
@@ -276,6 +276,8 @@ def set_certificate_attrs(entry_attrs):
     entry_attrs['valid_not_after'] = x509.format_datetime(cert.not_valid_after)
     entry_attrs['sha1_fingerprint'] = x509.to_hex_with_colons(
         cert.fingerprint(hashes.SHA1()))
+    entry_attrs['sha256_fingerprint'] = x509.to_hex_with_colons(
+        cert.fingerprint(hashes.SHA256()))
 
 def check_required_principal(ldap, principal):
     """
@@ -506,6 +508,10 @@ class service(LDAPObject):
             label=_('Fingerprint (SHA1)'),
             flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
         ),
+        Str('sha256_fingerprint',
+            label=_('Fingerprint (SHA256)'),
+            flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
+        ),
         Str('revocation_reason?',
             label=_('Revocation reason'),
             flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},