Creating the LDAP certificate hash

Summary

If you use a self-signed certificate to secure your LDAP connections, and you are managing SUDO through LDAP, then you will need to install your public CA certificate on each client machine in the /etc/openldap/cacerts directory along with an md5 hash of the certificate.

Adding the md5 hash

Change to the /etc/openldap/cacerts directory and run the following command:

ln -s <CA certificate> `openssl x509 -noout -hash -in <CA certificate>`.0

Example:

ln -s ca_public.crt `openssl x509 -noout -hash -in ca_public.crt`.0
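
The same step as a repeatable script, plus a check for links that no longer match their certificate. This is an added example, not part of the original page; the function names link_ca_cert and check_ca_links are hypothetical, and the openssl options are the ones used in the command above.

```shell
#!/bin/sh
# Added example: create and audit the hash links in a CA directory.
# Usage (as root):  link_ca_cert /etc/openldap/cacerts ca_public.crt
#                   check_ca_links /etc/openldap/cacerts

# link_ca_cert DIR CERT: create DIR/<hash>.N -> CERT (CERT is a file name
# inside DIR). Reuses an existing link to CERT, and moves to the next suffix
# when <hash>.N is already taken by a different certificate.
link_ca_cert() {
    dir=$1 cert=$2
    h=$(cd "$dir" && openssl x509 -noout -hash -in "$cert") || return 1
    n=0
    while [ -e "$dir/$h.$n" ] || [ -L "$dir/$h.$n" ]; do
        [ "$(readlink "$dir/$h.$n")" = "$cert" ] && { echo "$h.$n"; return 0; }
        n=$((n + 1))
    done
    ln -s "$cert" "$dir/$h.$n" && echo "$h.$n"
}

# check_ca_links DIR: print every <hash>.N link that is dangling or whose
# name does not match the hash of the certificate it points to.
# Returns 1 if any such link was found, 0 otherwise.
check_ca_links() {
    dir=$1 bad=0
    for link in "$dir"/*.[0-9]; do
        [ -L "$link" ] || continue
        name=$(basename "$link")
        # An unreadable or missing target yields an empty hash, so it is flagged.
        want=$(openssl x509 -noout -hash -in "$link" 2>/dev/null) || want=""
        if [ "${name%.*}" != "$want" ]; then
            echo "stale: $name"
            bad=1
        fi
    done
    return $bad
}
```

Run check_ca_links after replacing or renewing the CA certificate: a link left over from the old certificate is reported as stale and should be removed and recreated.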