Morning Rob > > What's the process for either removing or making it known? > > I'll add something to the program about this too but for now you can run: > > # getcert list -i 20170919231606 > > That will tell us what it is. It is perfectly fine to have certmonger > track other certs on the system. I display unexpected once as a > just-in-case. > > It's supposed to display as just a warning. I'll fix that too since it > is a little alarming. This is the result I got on my end.:
Failures: Unable to find request for serial 268304424 Unable to find request for serial 268304426 Unable to find request for serial 268304425 Unable to find request for serial 268304423 Subject O=ENG.EXAMPLE.COM,CN=zinc.eng.example.com and template subject CN=lithium.eng.example.com,O=ENG.EXAMPLE.COM do not match for serial 77 Permissions of /etc/dirsrv/slapd-ENG-EXAMPLE-COM/key3.db are 0600 and should be 0640 Permissions of /etc/dirsrv/slapd-ENG-EXAMPLE-COM/cert8.db are 0600 and should be 0640 Permissions of /etc/dirsrv/slapd-ENG-EXAMPLE-COM/secmod.db are 0600 and should be 0640 Warnings: Unknown certmonger ids: 20170812234301 [root@lithium bin]# The system so far seem healthy. Did these file permission had a stricter access that was relaxed later? I have never attempted to change them, at least impicitly Regards, William _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org