@@ -107,12 +107,13 @@
     char sha1_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1];
     unsigned char sha1_hash_binary[SHA_DIGEST_LENGTH];
     char sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2 + 1];
     unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH];
     const char *shachars="0123456789ABCDEF";
-    int nid, pknid, bits, num_of_exts;
+    int nid, pknid, bits, num_of_exts, len;
     uint32_t xflags;
+    unsigned char *bstring;
 
     sha1_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0';
     sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2] = '\0';
 
     certStr[0] = 0;
@@ -196,10 +197,15 @@
 	/* Check if cert was issued by CA cert issuer or self signed */
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("self_signed", -1));
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewBooleanObj(X509_check_issued(cert, cert) == X509_V_OK));
     }
  
+    /* Subject Key Identifier  */
+    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectKeyIdentifier", -1));
+    bstring = X509_keyid_get0(cert, &len);
+    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(bstring, len));
+
     /* SHA1 - DER representation*/
     X509_digest(cert, EVP_sha1(), sha1_hash_binary, NULL);
     for (int n = 0; n < SHA_DIGEST_LENGTH; n++) {
         sha1_hash_ascii[n*2]   = shachars[(sha1_hash_binary[n] & 0xF0) >> 4];
         sha1_hash_ascii[n*2+1] = shachars[(sha1_hash_binary[n] & 0x0F)];