$ sudo ipa-healthcheck --severity CRITICAL --severity ERROR --failures-only
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
ra.get_certificate(): EXCEPTION (Invalid Credential.)
[
{
"source": "ipahealthcheck.ipa.certs",
"kw": {
"msg": "RA agent description does not match 2;44;CN=Certificate Authority,O=
IPA.PDP7.NET;CN=IPA RA,O=
IPA.PDP7.NET in LDAP and 2;7;CN=Certificate Authority,O=
IPA.PDP7.NET;CN=IPA RA,O=
IPA.PDP7.NET expected",
"got": "2;44;CN=Certificate Authority,O=
IPA.PDP7.NET;CN=IPA RA,O=
IPA.PDP7.NET",
"expected": "2;7;CN=Certificate Authority,O=
IPA.PDP7.NET;CN=IPA RA,O=
IPA.PDP7.NET"
},
"uuid": "0bfa6af6-5dd9-4505-89dc-a733060042a4",
"duration": "0.037322",
"when": "20191221123847Z",
"check": "IPARAAgent",
"result": "ERROR"
},
{
"source": "ipahealthcheck.ipa.certs",
"kw": {
"msg": "Request for certificate failed, Certificate operation cannot be completed: EXCEPTION (Invalid Credential.)",
"key": "20181108202133"
},
"uuid": "bd04fd67-7b3e-4d2f-a87e-ff15563808e0",
"duration": "0.491949",
"when": "20191221123848Z",
"check": "IPACertRevocation",
"result": "ERROR"
},
... the second one is repeated a bunch of times. If I go into the replica web UI to check cert 7, I get very much the same error:
However, if I go to the first IPA server I created, I can view the cert normally. How should I proceed?