William Muriithi via FreeIPA-users wrote:
Morning Rob
>> What's the process for either removing or making it known?
>
> I'll add something to the program about this too but for now you can run:
>
> # getcert list -i 20170919231606
>
> That will tell us what it is. It is perfectly fine to have certmonger
> track other certs on the system. I display unexpected once as a
> just-in-case.
>
> It's supposed to display as just a warning. I'll fix that too since it
> is a little alarming.
This is the result I got on my end.:
Failures:
Unable to find request for serial 268304424
Unable to find request for serial 268304426
Unable to find request for serial 268304425
Unable to find request for serial 268304423
I'm not sure if this is an invalid test or a real error. I'm still
waiting on the dogtag team to respond to
https://bugzilla.redhat.com/show_bug.cgi?id=1641804 (your results are
slightly different but of the same theme).
Same as above.
I don't know yet if this is a harbinger of doom or a red herring :-/
Permissions of /etc/dirsrv/slapd-ENG-EXAMPLE-COM/key3.db are 0600
and
should be 0640
Permissions of /etc/dirsrv/slapd-ENG-EXAMPLE-COM/cert8.db are 0600 and
should be 0640
Permissions of /etc/dirsrv/slapd-ENG-EXAMPLE-COM/secmod.db are 0600
and should be 0640
Yeah, this is probably fine. I may need to tweak the test to not look
for specific permissions but rather check what is required and that it
isn't too permissive.
Warnings:
Unknown certmonger ids: 20170812234301
This one is fine. I may make a note to add more details to this. It is
basically just a heads-up in case you have something tracked you forgot
about.
[root@lithium bin]#
The system so far seem healthy. Did these file permission had a
stricter access that was relaxed later? I have never attempted to
change them, at least impicitly
It may be related to different versions of IPA or something. This test
is intended to ensure the ownership and permissions aren't wildly either
too permissive or too restrictive. It apparently still needs some work.
rob