On 06-11-19 17:16, Rob Crittenden wrote:
Kees Bakker via FreeIPA-users wrote:
> Thanks Rob
>
> Here are my findings, mainly as an FYI.
>
> On the CA master it reports the following (which I have to investigate)
> [
> {
> "source": "ipahealthcheck.ipa.certs",
> "kw": {
> "msg": "Unknown certmonger id 20190412141828",
> "key": "20190412141828"
> },
> "uuid": "f3d6ccb9-fb82-49ac-aa02-f485d08826c3",
> "duration": "0.980984",
> "when": "20191106095349Z",
> "check": "IPACertTracking",
> "result": "WARNING"
> }
> ]
To see what the request is run:
# getcert list -i 20190412141828
It may be perfectly fine, it is acceptable to track other certs on the
master, it is just unexpected so healthcheck is warning about it.
The warning is for a cert that I created for a FreeRADIUS server (which
I never actually managed to get working).
The warning is a bit annoying because the cert is alright, I think. It is
listed with "status: MONITORING".
So, I think that the cert is not unknown to certmonger, despite what the
error suggests.
I am considering to create another cert for some other service, in the same
manner as I did for freeRADIUS. That new cert would then also be flagged with
a warning.
--
Kees