ok, so to calculate the thumbprint, I can use OpenSSL:
openssl x509 -noout -fingerprint -sha1 -inform pem -in .\temp.crt
The Base64 encoded certificate is returned as part of the API request, which then needs to be saved as an ASCII file, and read back in using the above OpenSSL command. Of course, it also assumes that OpenSSL is installed on the Windows machine, which is not always the case.
I have just asked out devs if adding this value to the API result could be done, but it won’t happen overnight.
I am guessing that it is this value that you are using in the CertificatePreviousThumbprintHash and CertificateThumprintHash