diff --git a/src/main/java/eu/europa/ec/dgc/utils/CertificateUtils.java b/src/main/java/eu/europa/ec/dgc/utils/CertificateUtils.java index 1beb4cc..d0117d6 100644 --- a/src/main/java/eu/europa/ec/dgc/utils/CertificateUtils.java +++ b/src/main/java/eu/europa/ec/dgc/utils/CertificateUtils.java @@ -21,7 +21,6 @@ package eu.europa.ec.dgc.utils; import java.io.IOException; -import java.math.BigInteger; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateEncodingException; @@ -32,6 +31,7 @@ import lombok.extern.slf4j.Slf4j; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.util.encoders.Hex; import org.springframework.stereotype.Service; /** @@ -137,15 +137,15 @@ public X509Certificate convertCertificate(X509CertificateHolder inputCertificate return new JcaX509CertificateConverter().getCertificate(inputCertificate); } - private String calculateHash(byte[] data) throws NoSuchAlgorithmException { + /** + * Calculates SHA-256 hash of a given Byte-Array. + * + * @param data data to hash. + * @return HEX-String with the hash of the data. + */ + public String calculateHash(byte[] data) throws NoSuchAlgorithmException { byte[] certHashBytes = MessageDigest.getInstance("SHA-256").digest(data); - String hexString = new BigInteger(1, certHashBytes).toString(16); - - if (hexString.length() == 63) { - hexString = "0" + hexString; - } - - return hexString; + return Hex.toHexString(certHashBytes); } private byte[] calculateHashBytes(byte[] data) throws NoSuchAlgorithmException { diff --git a/src/test/java/eu/europa/ec/dgc/utils/CertificateUtilsTest.java b/src/test/java/eu/europa/ec/dgc/utils/CertificateUtilsTest.java index 0844009..50aba97 100644 --- a/src/test/java/eu/europa/ec/dgc/utils/CertificateUtilsTest.java +++ b/src/test/java/eu/europa/ec/dgc/utils/CertificateUtilsTest.java 
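Review bot: The Javadoc added to `calculateHash` omits the property this change establishes: the result is now always 64 lowercase hex characters. The old BigInteger code padded only the 63-character case, so it returned a shorter string whenever the digest began with a zero byte. I would state that in the doc, e.g. `@return lowercase hex string of the SHA-256 digest, always 64 characters, leading zeros preserved.`, and add `@throws NoSuchAlgorithmException if SHA-256 is not available.`. If hashes from the old implementation were stored or are compared by callers (not visible in this hunk), the values for such certificates will no longer match and may need recomputing. Since the method is now public, the doc should also say that `data` must not be null, as `digest(data)` would otherwise throw.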
@@ -26,6 +26,7 @@ import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.Arrays; @@ -53,11 +54,6 @@ void setupTestData() throws Exception { certificate = CertificateTestUtils.generateCertificate(keyPair, "DE", "PayloadCertificate"); } - @Test - void testDefineConstructor() { - assertNotNull(new CertificateUtils()); - } - @Test void testGetCertKid() throws Exception { byte[] expectedKid = Arrays.copyOfRange(MessageDigest.getInstance("SHA-256").digest(certificate.getEncoded()), 0, 8); @@ -88,6 +84,15 @@ void testGetCertHash() throws Exception { Assertions.assertArrayEquals(expectedThumbprint, thumbprint); } + @Test + void testHashingLeadingZero() throws NoSuchAlgorithmException { + + byte[] bytes = Hex.decode("0def64b0223f86d746cc4406000a625dc550fe7b4d0df9c7e399571909d7c182"); + String expectedHash = "00dcf2cf8e89a076becfc54327c3a9135babcce006232aab10ee0b5365e078c7"; + + Assertions.assertEquals(expectedHash, certificateUtils.calculateHash(bytes)); + } + @Test void testGetCertHashHolder() throws Exception { X509CertificateHolder holder = new X509CertificateHolder(certificate.getEncoded());
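Review bot: `testHashingLeadingZero` pins a single vector whose expected digest starts with a full zero byte, but nothing in the test says why this input was chosen. A short comment such as `// SHA-256 of this input starts with 0x00; the previous BigInteger conversion dropped those digits` would keep the vector from looking arbitrary. The single-leading-zero-nibble case that the old code special-cased is not covered by any test visible in this diff, so consider adding a second vector whose digest starts with one zero nibble to keep both cases pinned.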