diff --git a/roles/pki/tasks/main.yml b/roles/pki/tasks/main.yml
index 6606ba5..1969340 100644
--- a/roles/pki/tasks/main.yml
+++ b/roles/pki/tasks/main.yml
@@ -13,6 +13,14 @@
     owner: root
     group: "{{ ansible_wheel }}"
 
+- name: get ca certificate hash
+  command: "openssl x509 -in /srv/ca/certs/ca.crt -noout -hash"
+  delegate_to: localhost
+  register: result
+- name: store ca certificate hash
+  set_fact:
+    pki_cacert_hash: "{{ result.stdout }}"
+
 - name: copy host certificate
   copy:
     src: "/srv/ca/certs/{{ inventory_hostname }}.crt"