seems now to return by default the SHA-256 fingerprint, while the thumbprint/fingerprint needed by the service is SHA-1:
"Server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509 certificate used by the domain where the OpenID Connect provider makes its keys available".
SHA1 fingerprint can be easily obtained just specifying it in the command:
In https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html, the command
openssl x509 -in certificate.crt -fingerprint -noout
seems now to return by default the SHA-256 fingerprint, while the thumbprint/fingerprint needed by the service is SHA-1:
"Server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509 certificate used by the domain where the OpenID Connect provider makes its keys available".
SHA1 fingerprint can be easily obtained just specifying it in the command:
openssl x509 -in certificate.crt -fingerprint -sha1 -noout