Notes and Stuff
It’s possible to check a certificate fingerprint using openssl:
openssl x509 -noout -fingerprint -sha1 -inform pem -in [cert-file]
openssl x509 -noout -fingerprint -sha256 -inform pem -in [cert-file]
openssl x509 -noout -fingerprint -md5 -inform pem -in [cert-file]
I’ve never ever had any problem using fingerprint authentication on openSUSE 42.1, it worked just out of the box, but when I switched back to Fedora (again), I had some issues configuring it.
On Fedora 26, by default, fingerprint authentication works only for logins but not for sudo. To enable this:
authconfig --enablefingerprint --update
If you’re using an older version of Fedora you can also use:
authconfig-tui