diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc
index af796855abb38b6..009ab5b81d781ce 100644
--- a/deps/ncrypto/ncrypto.cc
+++ b/deps/ncrypto/ncrypto.cc
@@ -1005,12 +1005,13 @@ X509View X509View::From(const SSLCtxPointer& ctx) {
 return X509View(SSL_CTX_get0_certificate(ctx.get()));
 }
-std::string X509View::getFingerprint(const EVP_MD* method) const {
+std::optional X509View::getFingerprint(const EVP_MD* method) const {
 unsigned int md_size;
 unsigned char md[EVP_MAX_MD_SIZE];
 static constexpr char hex[] = "0123456789ABCDEF";
 if (X509_digest(get(), method, md, &md_size)) {
+ if (md_size == 0) return std::nullopt;
 std::string fingerprint((md_size * 3) - 1, 0);
 for (unsigned int i = 0; i < md_size; i++) {
 auto idx = 3 * i;
@@ -1023,7 +1024,7 @@ std::string X509View::getFingerprint(const EVP_MD* method) const {
 return fingerprint;
 }
- return std::string();
+ return std::nullopt;
 }
 X509Pointer X509View::clone() const {
diff --git a/deps/ncrypto/ncrypto.h b/deps/ncrypto/ncrypto.h
index 83ce2458bddaf45..da1548286c590f2 100644
--- a/deps/ncrypto/ncrypto.h
+++ b/deps/ncrypto/ncrypto.h
@@ -570,6 +570,8 @@ class X509View final {
 NCRYPTO_DISALLOW_MOVE(X509View)
 inline X509* get() const { return const_cast(cert_); }
+ inline operator X509*() const { return const_cast(cert_); }
+ inline operator const X509*() const { return cert_; }
 inline bool operator==(std::nullptr_t) noexcept { return cert_ == nullptr; }
 inline operator bool() const { return cert_ != nullptr; }
@@ -594,7 +596,7 @@ class X509View final {
 bool checkPrivateKey(const EVPKeyPointer& pkey) const;
 bool checkPublicKey(const EVPKeyPointer& pkey) const;
- std::string getFingerprint(const EVP_MD* method) const;
+ std::optional getFingerprint(const EVP_MD* method) const;
 X509Pointer clone() const;
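Review bot: In `X509View::getFingerprint` (deps/ncrypto/ncrypto.cc, hunk at -1005), `get()` is passed to `X509_digest` without a null check, although the class exposes `operator bool()` and `operator==(std::nullptr_t)`, which suggests a view may hold no certificate. Whether `X509_digest` tolerates a null certificate is not visible here, so now that failure can be reported as `std::nullopt`, an early `if (cert_ == nullptr) return std::nullopt;` before the digest call would make the empty-view case explicit. The function body continues outside the hunk.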
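Review bot: The added `operator X509*() const` on `X509View` (deps/ncrypto/ncrypto.h, hunk at -570) applies its `const_cast` implicitly, so a `const X509View` can now be handed to any API taking a mutable `X509*` without the visible `.get()` that used to mark the spot. If the mutable conversion is only there for OpenSSL signatures that are not const-correct, say so at the declaration, e.g. `// Implicit, non-owning; mutable only for OpenSSL APIs that lack const. Do not modify or free the certificate through it.` Keeping only `operator const X509*()` implicit and leaving `get()` for mutable access would be the stricter option. The class body extends outside the hunk.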
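Review bot: The changed declaration of `getFingerprint` (deps/ncrypto/ncrypto.h, hunk at -594) has no comment telling callers what an empty optional means. A one-line comment such as `// Returns std::nullopt if the digest could not be computed or is empty.` would document the new contract, which matches the two `std::nullopt` returns in ncrypto.cc. Marking the declaration `[[nodiscard]]` would additionally flag callers that ignore the result.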
@@ -631,6 +633,8 @@ class X509Pointer final {
 inline bool operator==(std::nullptr_t) noexcept { return cert_ == nullptr; }
 inline operator bool() const { return cert_ != nullptr; }
 inline X509* get() const { return cert_.get(); }
+ inline operator X509*() const { return cert_.get(); }
+ inline operator const X509*() const { return cert_.get(); }
 void reset(X509* cert = nullptr);
 X509* release();
diff --git a/src/crypto/crypto_common.cc b/src/crypto/crypto_common.cc
index 2d1158313c85226..b90415cb33981a1 100644
--- a/src/crypto/crypto_common.cc
+++ b/src/crypto/crypto_common.cc
@@ -83,7 +83,7 @@ bool UseSNIContext(
 STACK_OF(X509)* chain;
 int err = SSL_CTX_get0_chain_certs(ctx, &chain);
- if (err == 1) err = SSL_use_certificate(ssl.get(), x509.get());
+ if (err == 1) err = SSL_use_certificate(ssl.get(), x509);
 if (err == 1) err = SSL_use_PrivateKey(ssl.get(), pkey);
 if (err == 1 && chain != nullptr) err = SSL_set1_chain(ssl.get(), chain);
 return err == 1;
diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc
index 21021094da3c2bc..db6f437759c3ecc 100644
--- a/src/crypto/crypto_context.cc
+++ b/src/crypto/crypto_context.cc
@@ -787,9 +787,8 @@ void SecureContext::SetCACert(const BIOPointer& bio) {
 while (X509Pointer x509 = X509Pointer(PEM_read_bio_X509_AUX(
 bio.get(), nullptr, NoPasswordCallback, nullptr))) {
 CHECK_EQ(1,
- X509_STORE_add_cert(GetCertStoreOwnedByThisSecureContext(),
- x509.get()));
- CHECK_EQ(1, SSL_CTX_add_client_CA(ctx_.get(), x509.get()));
+ X509_STORE_add_cert(GetCertStoreOwnedByThisSecureContext(), x509));
+ CHECK_EQ(1, SSL_CTX_add_client_CA(ctx_.get(), x509));
 }
 }
diff --git a/src/crypto/crypto_x509.cc b/src/crypto/crypto_x509.cc
index da8b07b5e038b28..4349cc7811d336e 100644
--- a/src/crypto/crypto_x509.cc
+++ b/src/crypto/crypto_x509.cc
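Review bot: The implicit `operator X509*()` added to `X509Pointer` (deps/ncrypto/ncrypto.h, hunk at -631) lets the owning wrapper decay to a raw pointer wherever an `X509*` is expected, including calls that take ownership of or free their argument, where the wrapper (which presumably frees on destruction, given `reset()` and `release()`) would free the certificate again. With `.get()` and `release()` that choice was visible at the call site. The conversion also applies to temporaries, so `X509* p = X509Pointer(...)` compiles and leaves `p` dangling. Document it as borrowing, e.g. `// Non-owning: this X509Pointer keeps ownership; call release() to transfer it.`, and consider ref-qualifying it (`operator X509*() const&` with the `&&` overload deleted) if no call site needs the temporary case. The call-site changes in crypto_common.cc and crypto_context.cc rely on this conversion.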
@@ -66,9 +66,11 @@ MaybeLocal GetFingerprintDigest(Environment* env,
 auto fingerprint = cert.getFingerprint(method);
 // Returning an empty string indicates that the digest failed for
 // some reason.
- if (fingerprint == "") return Undefined(env->isolate());
- return OneByteString(
- env->isolate(), fingerprint.data(), fingerprint.length());
+ if (!fingerprint.has_value()) [[unlikely]] {
+ return Undefined(env->isolate());
+ }
+ auto& fp = fingerprint.value();
+ return OneByteString(env->isolate(), fp.data(), fp.length());
 }
 template
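Review bot: The context comment directly above the changed check in `GetFingerprintDigest` still reads `Returning an empty string indicates that the digest failed`, but after this change failure is reported as `std::nullopt` and the ncrypto.cc hunk no longer returns an empty string. The comment should become `// std::nullopt indicates that the digest failed for some reason.` so the next reader does not look for an empty-string path. Since `has_value()` has just been tested, `const auto& fp = *fingerprint;` would also avoid the second check that `value()` performs. The function starts outside the hunk.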