Fingerprinting B of A

I go to this site. At the left end of the address bar is an icon suggesting a padlock. Click on that lock. It will probably tell you why it thinks you are connected with B of A. That is the browser talking in the frame of mind promulgated by the PKI. Select “Connection” a little lower in this window; then click “certificate information”. A small new window will open enumerating the certificates in the “certificate chain” that the PKI logic describes. For B of A the chain is just two certificates long: the bank’s certificate and the certificate of the CA (certificate authority) that B of A selected to sign the bank’s certificates. B of A chose VeriSign to sign their own certs. VeriSign itself has several RSA keys, and they used their “Class 3 Extended Validation” key to sign the key from B of A.

If you select the top bar in the small window (“VeriSign ...”), click the triangle to the left of “Details”, and scroll down, you will find at the bottom two ‘Fingerprints’ for VeriSign’s public key. I use the SHA1 version. I found “2B AC 95 6C 4E E4 7F 9D 5C 1E 05 AE 8E D7 F9 5D 47 C2 1F 80”. If you find otherwise I would very much like to learn of that. It has been stable for a few weeks in my experience.

You might think it wiser to choose the fingerprint of the bank’s public key, but I think that changes from session to session between at least two keys, and perhaps even within a single browsing session. I have observed two such public keys.
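As an added example (not code from the original post), here is the same comparison done outside the browser: a fingerprint is the hash of the DER-encoded certificate, so the displayed string is normalised and checked against every certificate in the presented chain, which is why pinning the CA certificate keeps working while the bank rotates its own. The certificate bytes below are constructed stand-ins rather than real certificates; a SHA-256 pin is the identical computation and the stronger choice.

```python
import hashlib
import re
from typing import Iterable


def normalize_fingerprint(text: str) -> str:
    """Turn a displayed fingerprint ('2B AC 95 ...' or '2b:ac:95:...')
    into lowercase hex with no separators, so different displays compare equal."""
    return re.sub(r"[^0-9a-fA-F]", "", text).lower()


def cert_fingerprint(der: bytes, algo: str = "sha1") -> str:
    """A certificate fingerprint is the hash over the whole DER-encoded
    certificate; the browser shows SHA-1 and SHA-256 of the same bytes."""
    return hashlib.new(algo, der).hexdigest()


def chain_matches_pin(chain: Iterable[bytes], pinned: str, algo: str = "sha1") -> bool:
    """True if any certificate in the presented chain carries the pinned
    fingerprint. Pinning the issuing CA survives the site rotating its leaf."""
    want = normalize_fingerprint(pinned)
    return any(cert_fingerprint(cert, algo) == want for cert in chain)


# Constructed stand-ins: NOT real DER certificates, just distinct byte strings
# so the hashing and comparison logic can be exercised offline.
CA_CERT = b"constructed CA certificate bytes"
LEAF_A = b"constructed bank leaf certificate, key A"
LEAF_B = b"constructed bank leaf certificate, key B"

# The pin a user would record from the CA entry in the browser's chain view.
CA_PIN = cert_fingerprint(CA_CERT)


def rotation_demo() -> dict:
    """Two sessions in which the bank presents different leaf certificates
    under the same CA. The CA pin holds in both; a leaf pin breaks on rotation."""
    session_1 = [LEAF_A, CA_CERT]
    session_2 = [LEAF_B, CA_CERT]
    leaf_pin = cert_fingerprint(LEAF_A)
    return {
        "ca_pin_holds": chain_matches_pin(session_1, CA_PIN)
        and chain_matches_pin(session_2, CA_PIN),
        "leaf_pin_holds": chain_matches_pin(session_1, leaf_pin)
        and chain_matches_pin(session_2, leaf_pin),
    }
```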