Update NU3043.md with OpenSSL instructions (#3457)

kartheekp-ms · web-flow · commit 853f90a7b3c0 · 2025-08-21T17:29:31.000-07:00
diff --git a/docs/reference/errors-and-warnings/NU3043.md b/docs/reference/errors-and-warnings/NU3043.md
@@ -24,8 +24,10 @@ SHA-1 is considered insecure and should no longer be used.
 
 To resolve this warning, ensure that you provide a valid SHA-256, SHA-384, or SHA-512 certificate fingerprint (in hexadecimal) for the `--certificate-fingerprint` option in the `dotnet nuget sign` command or the `CertificateFingerprint` option in the `NuGet.exe sign` command.
 
-Customers can use the following PowerShell script to compute SHA-2 family hashes for certificates.
-To use the script, customers need to save the certificate to a local folder.
+You can use the following scripts to compute SHA-2 family hashes for certificates.
+
+### PowerShell
+To use the script, you need to save the certificate to a local folder.
 
 ```powershell
 $certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certPath)
@@ -41,3 +43,16 @@ Finally
     $certificate.Dispose()
 }
 ```
+### OpenSSL (Linux/macOS)
+
+If the certificate is in PEM or CRT format:
+```sh
+openssl x509 -in path/to/certificate -outform der | sha256sum
+```
+
+If the certificate is already in DER format:
+```sh
+sha256sum path/to/certificate
+```
+> [!TIP]
+> For SHA-384 or SHA-512, replace sha256sum with sha384sum or sha512sum as needed.
