diff --git a/src/gui/CMakeLists.txt b/src/gui/CMakeLists.txt
index 2875adf4..49557352 100644
--- a/src/gui/CMakeLists.txt
+++ b/src/gui/CMakeLists.txt
@@ -131,7 +131,7 @@ add_executable (barrier WIN32
 include_directories (./src)
-target_link_libraries (barrier Qt5::Core Qt5::Widgets Qt5::Network ${OPENSSL_LIBS})
+target_link_libraries(barrier net base io Qt5::Core Qt5::Widgets Qt5::Network ${OPENSSL_LIBS})
 target_compile_definitions (barrier PRIVATE -DBARRIER_VERSION_STAGE="${BARRIER_VERSION_STAGE}")
 target_compile_definitions (barrier PRIVATE -DBARRIER_REVISION="${BARRIER_REVISION}")
diff --git a/src/gui/src/SslCertificate.cpp b/src/gui/src/SslCertificate.cpp
index 9dc93ce8..99af4d44 100644
--- a/src/gui/src/SslCertificate.cpp
+++ b/src/gui/src/SslCertificate.cpp
@@ -18,6 +18,7 @@
 #include "SslCertificate.h"
 #include "Fingerprint.h"
 #include "common/DataDirectories.h"
+#include "net/SecureUtils.h"
 #include
 #include
@@ -149,34 +150,14 @@ void SslCertificate::generateCertificate()
 void SslCertificate::generateFingerprint(const QString& certificateFilename)
 {
- QStringList arguments;
- arguments.append("x509");
- arguments.append("-fingerprint");
- arguments.append("-sha1");
- arguments.append("-noout");
- arguments.append("-in");
- arguments.append(certificateFilename);
-
- auto ret = runTool(arguments);
- bool success = ret.first;
- std::string output = ret.second;
-
- if (!success) {
- return;
- }
-
- // find the fingerprint from the tool output
- auto i = output.find_first_of('=');
- if (i != std::string::npos) {
- i++;
- auto fingerprint = output.substr(
- i, output.size() - i);
-
- Fingerprint::local().trust(QString::fromStdString(fingerprint), false);
+ try {
+ auto fingerprint = barrier::get_pem_file_cert_fingerprint(certificateFilename.toStdString(),
+ barrier::FingerprintType::SHA1);
+ Fingerprint::local().trust(QString::fromStdString(
+ barrier::format_ssl_fingerprint(fingerprint)), false);
 emit info(tr("SSL fingerprint generated."));
- }
- else {
- emit error(tr("Failed to find SSL fingerprint."));
+ } catch (const std::exception& e) {
+ emit error(tr("Failed to find SSL fingerprint.") + e.what());
 }
 }
diff --git a/src/lib/net/SecureUtils.cpp b/src/lib/net/SecureUtils.cpp
index c9222432..97c9cf9a 100644
--- a/src/lib/net/SecureUtils.cpp
+++ b/src/lib/net/SecureUtils.cpp
@@ -17,10 +17,13 @@
 #include "SecureUtils.h"
 #include "base/String.h"
+#include "base/finally.h"
+#include "io/fstream.h"
 #include
 #include
 #include
+#include
 #include
 namespace barrier {
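Review bot: In the `catch` branch of `generateFingerprint`, `tr("Failed to find SSL fingerprint.") + e.what()` joins the translated sentence and the exception text with no separator, so the two messages run together in the UI. Something like `emit error(tr("Failed to find SSL fingerprint.") + " " + e.what());` keeps the existing translation key and stays readable. The new call also pins `barrier::FingerprintType::SHA1`, carrying over the old `-sha1` argument. Because this digest is stored as the trusted local fingerprint, it deserves a short comment on why SHA-1 is kept (presumably compatibility with what peers compare against), or a follow-up to a stronger digest if the enum offers one. `trust()` and `emit info` now sit inside the `try`, so any `std::exception` they throw is also reported as a fingerprint failure.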
@@ -76,4 +79,22 @@ std::vector get_ssl_cert_fingerprint(X509* cert, FingerprintType t
 return digest_vec;
 }
+std::vector get_pem_file_cert_fingerprint(const std::string& path,
+ FingerprintType type)
+{
+ auto fp = fopen_utf8_path(path, "r");
+ if (!fp) {
+ throw std::runtime_error("Could not open certificate path");
+ }
+ auto file_close = finally([fp]() { std::fclose(fp); });
+
+ X509* cert = PEM_read_X509(fp, nullptr, nullptr, nullptr);
+ if (!cert) {
+ throw std::runtime_error("Certificate could not be parsed");
+ }
+ auto cert_free = finally([cert]() { X509_free(cert); });
+
+ return get_ssl_cert_fingerprint(cert, type);
+}
+
 } // namespace barrier
diff --git a/src/lib/net/SecureUtils.h b/src/lib/net/SecureUtils.h
index a35c1db7..6a6343c8 100644
--- a/src/lib/net/SecureUtils.h
+++ b/src/lib/net/SecureUtils.h
@@ -35,6 +35,9 @@ std::string format_ssl_fingerprint(const std::vector& fingerprint,
 std::vector get_ssl_cert_fingerprint(X509* cert, FingerprintType type);
+std::vector get_pem_file_cert_fingerprint(const std::string& path,
+ FingerprintType type);
+
 } // namespace barrier
 #endif // BARRIER_LIB_NET_SECUREUTILS_H
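Review bot: When `PEM_read_X509` returns null in `get_pem_file_cert_fingerprint`, the function throws a fixed string and leaves whatever OpenSSL pushed onto the thread's error queue in place. The actual parse reason is lost, and stale entries can surface in a later, unrelated error check on the same thread. Consider draining the queue before the throw with `ERR_clear_error();`, or folding the text from `ERR_error_string_n` into the message; whether `<openssl/err.h>` is already included is not visible in this hunk. Both exception messages also omit `path`, which would make a wrong or unreadable certificate location much easier to diagnose.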
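Review bot: The new declaration of `get_pem_file_cert_fingerprint` in `SecureUtils.h` has no comment, yet callers depend on it throwing rather than returning an empty vector (the GUI wraps the call in `try`/`catch`). A one-line contract above the declaration would do, for example `// Returns the digest of the first certificate in the PEM file at path; throws std::runtime_error if the file cannot be opened or parsed.`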