30.2. 使用 Healthcheck 强制系统证书

流程

• 输入：

  # ipa-healthcheck --source=ipahealthcheck.dogtag.ca

  Copy to Clipboard

  --source=ipahealthcheck.dogtag.ca 选项可确保 Healthcheck 仅执行证书测试。

  测试成功示例：

  {
    "source: ipahealthcheck.dogtag.ca",
    "check: DogtagCertsConfigCheck",
    "result: SUCCESS",
    "uuid: 9b366200-9ec8-4bd9-bb5e-9a280c803a9c",
    "when: 20191008135826Z",
    "duration: 0.252280",
    "kw:" {
      "key": "Server-Cert cert-pki-ca",
      "configfile":  "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg"
      }
  }

  Copy to Clipboard

  测试失败的示例：

  {
    "source: ipahealthcheck.dogtag.ca",
    "check: DogtagCertsConfigCheck",
    "result: CRITICAL",
    "uuid: 59d66200-1447-4b3b-be01-89810c803a98",
    "when: 20191008135912Z",
    "duration: 0.002022",
    "kw:" {
      "exception": "NSDB /etc/pki/pki-tomcat/alias not initialized",
      }
  }

  Copy to Clipboard