diff --git a/src/mconnect/device-proxy.vala b/src/mconnect/device-proxy.vala
index 95cac65..8a7d22f 100644
--- a/src/mconnect/device-proxy.vala
+++ b/src/mconnect/device-proxy.vala
@@ -80,6 +80,11 @@ class DeviceDBusProxy : Object {
 		private set {}
 	}
 
+	public string certificate_fingerprint {
+		get { return device.certificate_fingerprint; }
+		private set {}
+	}
+
 	private HashMap<string,PacketHandlerInterfaceProxy> handlers;
 
 	private uint register_id = 0;
diff --git a/src/mconnect/device.vala b/src/mconnect/device.vala
index 3d201f2..dcd1e44 100644
--- a/src/mconnect/device.vala
+++ b/src/mconnect/device.vala
@@ -19,6 +19,7 @@
  */
 
 using Gee;
+using Mconn;
 
 /**
  * General device wrapper.
@@ -69,6 +70,7 @@ class Device : Object {
 	private HashSet<string> _capabilities = null;
 
 	public string certificate { get; private set; default = ""; }
+	public string certificate_fingerprint { get; private set; default = ""; }
 
 	// set to true if pair request was sent
 	private bool _pair_in_progress = false;
@@ -131,7 +133,12 @@ class Device : Object {
 			dev.allowed = cache.get_boolean(name, "allowed");
 			dev.is_paired = cache.get_boolean(name, "paired");
 			try {
-				dev.certificate = cache.get_string(name, "certificate");
+				var cached_certificate = cache.get_string(name, "certificate");
+				if (cached_certificate != "") {
+					var cert = new TlsCertificate.from_pem(cached_certificate,
+														   cached_certificate.length);
+					dev.update_certificate(cert);
+				}
 			} catch (KeyFileError e) {
 				if (e is KeyFileError.KEY_NOT_FOUND) {
 					warning("device %s using older cache format",
@@ -228,7 +235,7 @@ class Device : Object {
 		info("secure: %s", secure.to_string());
 
 		if (secure) {
-			this.certificate = _channel.peer_certificate.certificate_pem;
+			this.update_certificate(_channel.peer_certificate);
 
 			this.maybe_pair();
 		} else {
@@ -570,4 +577,19 @@ class Device : Object {
 			tcp_port = other_dev.tcp_port;
 		}
 	}
+
+	private void update_certificate(TlsCertificate cert) {
+		this.certificate = cert.certificate_pem;
+
+		// prepare fingerprint
+		var fingerprint = Crypt.fingerprint_certificate(cert.certificate_pem);
+		var sb = new StringBuilder.sized(fingerprint.length * 2
+										 + "sha1:".length);
+		sb.append("sha1:");
+		foreach(var b in fingerprint) {
+			sb.append_printf("%02x", b);
+		}
+
+		this.certificate_fingerprint = sb.str;
+	}
 }
\ No newline at end of file