Thanks! Setting requiredSecret in /etc/pki/pki-tomcat/server.xml equal to 
secret improved things a little bit!

# ipa-healthcheck --severity ERROR
[
  {
    "source": "ipahealthcheck.ipa.certs",
    "check": "IPADogtagCertsMatchCheck",
    "result": "ERROR",
    "uuid": "7336ec84-03c6-4ddf-adb2-1070159fbaf8",
    "when": "20220825123343Z",
    "duration": "0.081966",
    "kw": {
      "key": "caSigningCert cert-pki-ca",
      "nickname": "caSigningCert cert-pki-ca",
      "dbdir": "/etc/pki/pki-tomcat/alias",
      "msg": "{nickname} certificate in NSS DB {dbdir} does not match entry in LDAP"
    }
  },
  {
    "source": "pki.server.healthcheck.meta.csconfig",
    "check": "CADogtagCertsConfigCheck",
    "result": "ERROR",
    "uuid": "4972c614-31d5-4472-8de7-b0cc522e2db6",
    "when": "20220825123359Z",
    "duration": "0.156108",
    "kw": {
      "key": "ca_signing",
      "nickname": "caSigningCert cert-pki-ca",
      "directive": "ca.signing.cert",
      "configfile": "/var/lib/pki/pki-tomcat/ca/conf/CS.cfg",
      "msg": "Certificate 'caSigningCert cert-pki-ca' does not match the value of ca.signing.cert in /var/lib/pki/pki-tomcat/ca/conf/CS.cfg"
    }
  }
]
_______________________________________________
FreeIPA-users mailing list -- [email protected]