I'm seeing the following two errors when running ipahealthcheck. This is on an up-to-date RHEL 8.3 system in a 2-server topology with a self-signed CA.
DOMAIN.COM IPA CA not found, assuming 3rd party
DOMAIN.COM IPA CA not found, assuming 3rd party
[
  {
    "source": "pki.server.healthcheck.meta.csconfig",
    "check": "CADogtagCertsConfigCheck",
    "result": "ERROR",
    "uuid": "da820035-6955-436f-9bf5-bde578b27920",
    "when": "20201221130025Z",
    "duration": "0.172261",
    "kw": {
      "key": "ca_signing",
      "nickname": "caSigningCert cert-pki-ca",
      "directive": "ca.signing.cert",
      "configfile": "/var/lib/pki/pki-tomcat/ca/conf/CS.cfg",
      "msg": "Certificate 'caSigningCert cert-pki-ca' does not match the value of ca.signing.cert in /var/lib/pki/pki-tomcat/ca/conf/CS.cfg"
    }
  },
  {
    "source": "ipahealthcheck.ipa.certs",
    "check": "IPACertTracking",
    "result": "ERROR",
    "uuid": "cfba0bf1-4e4b-40d6-9d26-455bab9c9057",
    "when": "20201221130027Z",
    "duration": "0.307626",
    "kw": {
      "key": "cert-database=/etc/pki/pki-tomcat/alias, cert-nickname=caSigningCert cert-pki-ca, ca-name=dogtag-ipa-ca-renew-agent, cert-presave-command=/usr/libexec/ipa/certmonger/stop_pkicad, cert-postsave-command=/usr/libexec/ipa/certmonger/renew_ca_cert \"caSigningCert cert-pki-ca\", template-profile=caCACert",
      "msg": "Missing tracking for cert-database=/etc/pki/pki-tomcat/alias, cert-nickname=caSigningCert cert-pki-ca, ca-name=dogtag-ipa-ca-renew-agent, cert-presave-command=/usr/libexec/ipa/certmonger/stop_pkicad, cert-postsave-command=/usr/libexec/ipa/certmonger/renew_ca_cert \"caSigningCert cert-pki-ca\", template-profile=caCACert"
    }
  },
  ...