Add thumbprint clarification

Author: PatAltimore

articles/iot-edge/iot-edge-certs.md

@@ -138,16 +138,19 @@ For example, we can use the following command to get the identity certificate's
 sudo openssl x509 -in /var/lib/aziot/certd/certs/deviceid-random.cer -noout -nocert -fingerprint -sha256
 ```
 
-The command outputs the certificate thumbprint:
+The command outputs the certificate SHA256 thumbprint:
 
 ```output
 SHA256 Fingerprint=1E:F3:1F:88:24:74:2C:4A:C1:A7:FA:EC:5D:16:C4:11:CD:85:52:D0:88:3E:39:CB:7F:17:53:40:9C:02:95:C3
 ```
 
-If we view the thumbprint value for the *EdgeGateway* device in the Azure portal, we can see it matches the thumbprint on *EdgeGateway*:
+If we view the SHA256 thumbprint value for the *EdgeGateway* device registered in IoT Hub, we can see it matches the thumbprint on *EdgeGateway*:
 
 :::image type="content" source="./media/iot-edge-certs/edge-id-thumbprint.png" alt-text="Screenshot from Azure portal of EdgeGateway device's thumbprint in ContosoIotHub.":::
 
+> [!NOTE]
+> Device Provisioning Service displays the SHA1 thumbprint for the certificate rather than the SHA256 thumbprint. In this example, we're showing the device certificate SHA256 thumbprint matches the SHA256 thumbprint in IoT Hub.
+
 In summary, *ContosoIotHub* can trust *EdgeGateway* because *EdgeGateway* presents a valid **IoT Edge device identity certificate** whose thumbprint matches the one registered in IoT Hub. 
 
 For more information about the certificate building process, see [Create and provision an IoT Edge device on Linux using X.509 certificates](how-to-provision-single-device-linux-x509.md).