30.2. Screening certificates using the Healthcheck tool

Prerequisites

• You have root privileges.

Procedure

• Enter:

  # ipa-healthcheck --source=ipahealthcheck.ipa.certs

  • The --source=ipahealthcheck.ipa.certs option ensures that IdM Healthcheck only performs the certmonger certificate tests.

    Successful test displays empty brackets:

    []

    Failed test shows you the following output:

    {
      "source": "ipahealthcheck.ipa.certs",
      "check": "IPACertfileExpirationCheck",
      "result": "ERROR",
      "kw": {
        "key": 1234,
        "dbdir": "/path/to/nssdb",
        "error": [error],
        "msg": "Unable to open NSS database '/path/to/nssdb': [error]"
      }
    }

    This IPACertfileExpirationCheck test failed on opening the NSS database.

  注意

  Run this suite of Healthcheck tests on all IdM servers when trying to check for issues.