If I run that command manually it doesn't appear to do anything except output 
'recognized usages"
If I try it without the -show_chain flag I get

# openssl verify -verbose -CAfile /etc/ipa/ca.crt /var/lib/ipa/ra-agent.pem
/var/lib/ipa/ra-agent.pem: O = IPA.****.NET, CN = IPA RA
error 20 at 0 depth lookup:unable to get local issuer certificate

The only information in the access log while healthcheck is running is a number 
of these

[04/Apr/2024:15:09:46 +0000] "POST 
https://ipa1-sea2.ipa.****.net:443/ca/agent/ca/displayBySerial HTTP/1.1" 403 229

But those coincide with the healthcheck checking other certificates managed by 
certmonger where the error shown by healthcheck is
 [SSL: SSL_HANDSHAKE_FAILURE] ssl handshake failure (_ssl.c:1822)",

FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
Do not reply to spam, report it: 

Reply via email to