Menu Close

20.2. 使用 Healthcheck 输出系统证书

这部分论述了使用 Healthcheck 工具测试 Identity Management(IdM)证书的独立手动测试。

由于 Healthcheck 工具包括许多测试,您可以通过只包括 DogTag 测试:--source=ipahealthcheck.dogtag.ca 来缩小结果范围

步骤

  • 要运行 Healthcheck 限制为 DogTag 证书,请输入:

    # ipa-healthcheck --source=ipahealthcheck.dogtag.ca

成功测试示例:

{
  "source: ipahealthcheck.dogtag.ca",
  "check: DogtagCertsConfigCheck",
  "result: SUCCESS",
  "uuid: 9b366200-9ec8-4bd9-bb5e-9a280c803a9c",
  "when: 20191008135826Z",
  "duration: 0.252280",
  "kw:" {
    "key": "Server-Cert cert-pki-ca",
    "configfile":  "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg"
    }
}

一个失败的测试示例:

{
  "source: ipahealthcheck.dogtag.ca",
  "check: DogtagCertsConfigCheck",
  "result: CRITICAL",
  "uuid: 59d66200-1447-4b3b-be01-89810c803a98",
  "when: 20191008135912Z",
  "duration: 0.002022",
  "kw:" {
    "exception": "NSDB /etc/pki/pki-tomcat/alias not initialized",
    }
}

其他资源

  • 请参阅 man ipa-healthcheck