Jeremy Tourville via FreeIPA-users wrote: > I ran a health check on my server today and received an error similar to the > example from > https://github.com/freeipa/freeipa-healthcheck/blob/master/README.md > My system is running FreeIPA 4.9.10 > { > { > "source": "ipahealthcheck.ipa.certs", > "check": "IPACertNSSTrust", > "result": "ERROR", > "kw": { > "key": "caSigningCert cert-pki-ca some-random-string-of-numbers", > "expected": "CTu,Cu,Cu", > "got": "u,u,u", > "nickname": "caSigningCert cert-pki-ca some-random-string-of-numbers", > "dbdir": "/etc/pki/pki-tomcat/alias", > "msg": "Incorrect NSS trust for {nickname} in {dbdir}. Got {got} expected > {expected}" > } > } > > How do I troubleshoot/fix? I presume the message is due to the extra "stuff" > in the key.
It looks like a sub CA which should not be validated by ipa-healthcheck. What version of ipa-healthcheck do you have? rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
