diff --git a/cmd/object-handlers.go b/cmd/object-handlers.go
index d5a91e2ff..d94cf199a 100644
--- a/cmd/object-handlers.go
+++ b/cmd/object-handlers.go
@@ -569,7 +569,7 @@ func (api objectAPIHandlers) PutObjectHandler(w http.ResponseWriter, r *http.Req
 			return
 		}
 		if !skipContentSha256Cksum(r) {
-			sha256hex = r.Header.Get("X-Amz-Content-Sha256")
+			sha256hex = getContentSha256Cksum(r)
 		}
 	}
 
@@ -866,7 +866,7 @@ func (api objectAPIHandlers) PutObjectPartHandler(w http.ResponseWriter, r *http
 		}
 
 		if !skipContentSha256Cksum(r) {
-			sha256hex = r.Header.Get("X-Amz-Content-Sha256")
+			sha256hex = getContentSha256Cksum(r)
 		}
 	}
 
diff --git a/cmd/signature-v4.go b/cmd/signature-v4.go
index 007a66922..b66bdc9b9 100644
--- a/cmd/signature-v4.go
+++ b/cmd/signature-v4.go
@@ -289,7 +289,7 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
 	/// Verify finally if signature is same.
 
 	// Get canonical request.
-	presignedCanonicalReq := getCanonicalRequest(extractedSignedHeaders, hashedPayload, encodedQuery, req.URL.Path, req.Method)
+	presignedCanonicalReq := getCanonicalRequest(extractedSignedHeaders, unsignedPayload, encodedQuery, req.URL.Path, req.Method)
 
 	// Get string to sign from canonical request.
 	presignedStringToSign := getStringToSign(presignedCanonicalReq, t, pSignValues.Credential.getScope())