Red Hat Training

A Red Hat training course is available for RHEL 8

101.2. 使用 Healthcheck 强制系统证书

按照以下流程,使用 Healthcheck 工具运行身份管理(IdM)证书的独立的手动测试。

由于 Healthcheck 工具包含许多测试,因此您可以通过仅包含 DogTag 测试来缩小结果范围:-- source=ipahealthcheck.dogtag.ca

流程

  • 要运行限制为 DogTag 证书的 Healthcheck,请输入:

    # ipa-healthcheck --source=ipahealthcheck.dogtag.ca

测试成功示例:

{
  "source: ipahealthcheck.dogtag.ca",
  "check: DogtagCertsConfigCheck",
  "result: SUCCESS",
  "uuid: 9b366200-9ec8-4bd9-bb5e-9a280c803a9c",
  "when: 20191008135826Z",
  "duration: 0.252280",
  "kw:" {
    "key": "Server-Cert cert-pki-ca",
    "configfile":  "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg"
    }
}

测试失败的示例:

{
  "source: ipahealthcheck.dogtag.ca",
  "check: DogtagCertsConfigCheck",
  "result: CRITICAL",
  "uuid: 59d66200-1447-4b3b-be01-89810c803a98",
  "when: 20191008135912Z",
  "duration: 0.002022",
  "kw:" {
    "exception": "NSDB /etc/pki/pki-tomcat/alias not initialized",
    }
}

其它资源

  • 请参阅 man ipa-healthcheck