fix SHA-256 fingerprint

ranbel · ranbel · commit 85be97cb56b5 · 2025-07-14T16:05:17.000-04:00
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx
@@ -125,7 +125,7 @@ If you do not already have a TLS endpoint on your network, you can set one up as
 
 To create a TLS endpoint using Windows Internet Information Services (IIS) Manager:
 
-1. Open Powershell.
+1. Run Powershell as administrator.
 
 2. Generate a self-signed certificate:
 
@@ -139,10 +139,19 @@ To create a TLS endpoint using Windows Internet Information Services (IIS) Manag
 	Thumbprint                                Subject
 	----------                                -------
 	0660C4FCD15F69C49BD080FEEA4136B3D302B41B  CN=office-name.example.internal
-
 	```
 
-3. Copy the thumbprint value shown in the output. You will need the thumbprint when you [configure the managed network in Zero Trust](#3-add-managed-network-to-zero-trust).
+3. Extract the certificate's SHA-256 fingerprint:
+
+		```powershell
+		[System.BitConverter]::ToString([System.Security.Cryptography.SHA256]::Create().ComputeHash((Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.FriendlyName -eq "Cloudflare Managed Network Certificate" }).RawData)) -replace "-", ""
+		```
+
+		```powershell output
+		DD4F4806C57A5BBAF1AA5B080F0541DA75DB468D0A1FE731310149500CCD8662
+		```
+
+		You will need the SHA-256 fingerprint to [configure the managed network in Zero Trust](/#3-add-managed-network-to-zero-trust). Do not use the default SHA-1 thumbprint generated by the `New-SelfSignedCertificate` command.
 
 4. Open IIS Manager.
 
@@ -175,7 +184,9 @@ The WARP client establishes a TLS connection using [Rustls](https://github.com/r
 
 ## 2. Extract the SHA-256 fingerprint
 
-<Tabs> <TabItem label="local certificate">
+The SHA-256 fingerprint is only required if your TLS endpoint uses a self-signed certificate.
+
+<Tabs> <TabItem label="Local certificate">
 
 To obtain the SHA-256 fingerprint of a local certificate:
 
@@ -189,7 +200,7 @@ The output will look something like:
 SHA256 Fingerprint=DD4F4806C57A5BBAF1AA5B080F0541DA75DB468D0A1FE731310149500CCD8662
 ```
 
-</TabItem> <TabItem label="remote server">
+</TabItem> <TabItem label="Remote server">
 
 To obtain the SHA-256 fingerprint of a remote server:
 
