31.2. Screening system certificates using Healthcheck

Procedure

• Enter:

  # ipa-healthcheck --source=ipahealthcheck.dogtag.ca

  The --source=ipahealthcheck.dogtag.ca option ensures that Healthcheck only performs the certificate tests.

  An example of a successful test:

  {
    "source: ipahealthcheck.dogtag.ca",
    "check: DogtagCertsConfigCheck",
    "result: SUCCESS",
    "uuid: 9b366200-9ec8-4bd9-bb5e-9a280c803a9c",
    "when: 20191008135826Z",
    "duration: 0.252280",
    "kw:" {
      "key": "Server-Cert cert-pki-ca",
      "configfile":  "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg"
      }
  }

  An example of a failed test:

  {
    "source: ipahealthcheck.dogtag.ca",
    "check: DogtagCertsConfigCheck",
    "result: CRITICAL",
    "uuid: 59d66200-1447-4b3b-be01-89810c803a98",
    "when: 20191008135912Z",
    "duration: 0.002022",
    "kw:" {
      "exception": "NSDB /etc/pki/pki-tomcat/alias not initialized",
      }
  }

  注意

  Run the certificate tests on all IdM servers when trying to find an issue.