#8231 healthcheck: add certificate serial number uniqueness check
Closed: duplicate 4 years ago by rcritten. Opened 4 years ago by ftweedal.

Request for enhancement

In a recent customer case, IPA RA certificate authentication to pki-tomcatd was failing. It was quite hard to diagnose, but turned out to be that the IPA RA cert had the same serial number as the LDAP service certificate. pki-tomcatd had already seen the LDAP certificate (due to the ldaps connection). As a consequence, when it saw the IPA RA certificate with the same serial number, it rejected it.

(The duplicate serial number probably arose due to replication and/or range conflicts).

Update the health check tool to detect cases of duplicate issuer/serial on IPA infra system certificates. It should load the whole set of relevant certificates on the host and check for duplicates.
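The check described above, as an added example that is not freeipa-healthcheck's own code: it keys certificates on (issuer, serial), since a serial only has to be unique per issuer, and reports any key seen more than once. The certificate paths are hypothetical arguments, and the loader assumes the `cryptography` package for parsing PEM files.

```python
# Added example (not freeipa-healthcheck code): flag IPA infrastructure
# certificates that share an issuer and serial number, which a CA such as
# pki-tomcatd will reject once it has cached the first one.
from collections import defaultdict
from pathlib import Path
import sys


def find_duplicate_serials(certs):
    """certs: iterable of (label, issuer, serial) with serial as an int.

    Returns {(issuer, serial): [labels, ...]} for every key that occurs
    more than once. The issuer is part of the key because two CAs may
    legitimately issue the same serial; only same-issuer collisions matter.
    """
    seen = defaultdict(list)
    for label, issuer, serial in certs:
        seen[(issuer, int(serial))].append(label)
    return {key: labels for key, labels in seen.items() if len(labels) > 1}


def load_pem_certs(paths):
    """Yield (path, issuer as RFC 4514 string, serial int) per readable PEM file.

    The import is deferred so the duplicate check itself has no
    third-party dependency; only the loader needs `cryptography`.
    """
    from cryptography import x509
    for p in paths:
        try:
            data = Path(p).read_bytes()
        except OSError:
            continue  # a missing file is a different check's concern
        cert = x509.load_pem_x509_certificate(data)
        yield str(p), cert.issuer.rfc4514_string(), cert.serial_number


def report(duplicates):
    """Turn the duplicate map into one finding line per colliding key."""
    return [
        "duplicate serial %s issued by %s: %s" % (hex(serial), issuer, ", ".join(labels))
        for (issuer, serial), labels in sorted(duplicates.items())
    ]


if __name__ == "__main__":
    # Hypothetical usage: paths to the host's service certificates on argv.
    for line in report(find_duplicate_serials(load_pem_certs(sys.argv[1:]))):
        print(line)
```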
Metadata Update from @rcritten:
- Issue close_status updated to: duplicate
- Issue status updated to: Closed (was: Open)

4 years ago
