If I run that command manually it doesn't appear to do anything except output 'recognized usages" If I try it without the -show_chain flag I get
# openssl verify -verbose -CAfile /etc/ipa/ca.crt /var/lib/ipa/ra-agent.pem /var/lib/ipa/ra-agent.pem: O = IPA.****.NET, CN = IPA RA error 20 at 0 depth lookup:unable to get local issuer certificate The only information in the access log while healthcheck is running is a number of these [04/Apr/2024:15:09:46 +0000] "POST https://ipa1-sea2.ipa.****.net:443/ca/agent/ca/displayBySerial HTTP/1.1" 403 229 But those coincide with the healthcheck checking other certificates managed by certmonger where the error shown by healthcheck is [SSL: SSL_HANDSHAKE_FAILURE] ssl handshake failure (_ssl.c:1822)", -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue