Hi,
"does it mean that they were replaced with externally-signed
server certificates using ipa-server-certinstall?"
Yes, I replaced them with externally-signed server certificates using certutil.
less /var/log/pki/pki-tomcat/ca/debug.2022-12-13.log
2022-12-13 08:18:31 [Timer-0] INFO: SessionTimer: checking security domain sessions
2022-12-13 08:23:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Updating serial number counter
2022-12-13 08:23:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Checking serial number ranges
2022-12-13 08:23:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Checking request ID ranges
2022-12-13 08:23:31 [Timer-0] INFO: SessionTimer: checking security domain sessions
2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating cert status
2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating invalid certs to valid
2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=INVALID)
2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating valid certs to expired
2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=VALID)
2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: dn: cn=2,ou=certificateRepository,ou=ca,o=ipaca
2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating revoked certs to expired
2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 08:23:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=REVOKED)
2022-12-13 08:28:31 [Timer-0] INFO: SessionTimer: checking security domain sessions
2022-12-13 08:33:30 [CRLIssuingPoint-MasterCRL] INFO: LDAPSession: Modifying LDAP entry cn=MasterCRL,ou=crlIssuingPoints,ou=ca,o=ipaca
2022-12-13 08:33:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Updating serial number counter
2022-12-13 08:33:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Checking serial number ranges
2022-12-13 08:33:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Checking request ID ranges
2022-12-13 08:33:31 [Timer-0] INFO: SessionTimer: checking security domain sessions
2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating cert status
2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating invalid certs to valid
2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=INVALID)
2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating valid certs to expired
2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=VALID)
2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: DBVirtualList: dn: cn=2,ou=certificateRepository,ou=ca,o=ipaca
2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating revoked certs to expired
2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 08:33:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=REVOKED)
2022-12-13 08:38:31 [Timer-0] INFO: SessionTimer: checking security domain sessions
2022-12-13 08:43:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Updating serial number counter
2022-12-13 08:43:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Checking serial number ranges
2022-12-13 08:43:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Checking request ID ranges
2022-12-13 08:43:31 [Timer-0] INFO: SessionTimer: checking security domain sessions
2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating cert status
2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating invalid certs to valid
2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=INVALID)
2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating valid certs to expired
2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=VALID)
2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: DBVirtualList: dn: cn=2,ou=certificateRepository,ou=ca,o=ipaca
2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating revoked certs to expired
2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 08:43:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=REVOKED)
2022-12-13 08:48:30 [CRLIssuingPoint-MasterCRL] INFO: LDAPSession: Modifying LDAP entry cn=MasterCRL,ou=crlIssuingPoints,ou=ca,o=ipaca
2022-12-13 08:48:31 [Timer-0] INFO: SessionTimer: checking security domain sessions
2022-12-13 08:53:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Updating serial number counter
2022-12-13 08:53:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Checking serial number ranges
2022-12-13 08:53:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Checking request ID ranges
2022-12-13 08:53:31 [Timer-0] INFO: SessionTimer: checking security domain sessions
2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating cert status
2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating invalid certs to valid
2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=INVALID)
2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating valid certs to expired
2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=VALID)
2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: DBVirtualList: dn: cn=2,ou=certificateRepository,ou=ca,o=ipaca
2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating revoked certs to expired
2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 08:53:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=REVOKED)
2022-12-13 08:58:31 [Timer-0] INFO: SessionTimer: checking security domain sessions
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CRLIssuingPoint: Updating MasterCRL
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CASigningUnit: Getting algorithm context for SHA256withRSA RSASignatureWithSHA256Digest
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CASigningUnit: Signing Certificate
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CRLReposiotry: Updating CRL issuing point record
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: LDAPSession: Modifying LDAP entry cn=MasterCRL,ou=crlIssuingPoints,ou=ca,o=ipaca
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: Getting crl publishing rules
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: - name: LdapXCertRule
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: enabled: false
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: - name: LdapCaCertRule
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: enabled: false
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: - name: FileCrlRule
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: enabled: true
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: type: crl
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: predicate: null
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: - name: LdapUserCertRule
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: enabled: false
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: - name: LdapCrlRule
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: enabled: false
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CAPublisherProcessor: Publishing CRL 130 to MasterCRL
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: Getting crl publishing rules
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: - name: LdapXCertRule
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: enabled: false
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: - name: LdapCaCertRule
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: enabled: false
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: - name: FileCrlRule
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: enabled: true
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: type: crl
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: predicate: null
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: - name: LdapUserCertRule
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: enabled: false
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: - name: LdapCrlRule
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: PublisherProcessor: enabled: false
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CAPublisherProcessor: Publishing rules:
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CAPublisherProcessor: - rule: FileCrlRule
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CAPublisherProcessor: mapper: NoMap
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CAPublisherProcessor: Publishing to CN=Certificate Authority,O=WINGON.HK
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CAPublisherProcessor: - publisher: FileBaseCRLPublisher
2022-12-13 09:00:00 [CRLIssuingPoint-MasterCRL] INFO: CAPublisherProcessor: Published CRL
2022-12-13 09:03:30 [CRLIssuingPoint-MasterCRL] INFO: LDAPSession: Modifying LDAP entry cn=MasterCRL,ou=crlIssuingPoints,ou=ca,o=ipaca
2022-12-13 09:03:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Updating serial number counter
2022-12-13 09:03:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Checking serial number ranges
2022-12-13 09:03:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Checking request ID ranges
2022-12-13 09:03:31 [Timer-0] INFO: SessionTimer: checking security domain sessions
2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating cert status
2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating invalid certs to valid
2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=INVALID)
2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating valid certs to expired
2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=VALID)
2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: DBVirtualList: dn: cn=2,ou=certificateRepository,ou=ca,o=ipaca
2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating revoked certs to expired
2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 09:03:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=REVOKED)
2022-12-13 09:08:31 [Timer-0] INFO: SessionTimer: checking security domain sessions
2022-12-13 09:13:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Updating serial number counter
2022-12-13 09:13:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Checking serial number ranges
2022-12-13 09:13:30 [SerialNumberUpdateTask] INFO: SerialNumberUpdateTask: Checking request ID ranges
2022-12-13 09:13:31 [Timer-0] INFO: SessionTimer: checking security domain sessions
2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating cert status
2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating invalid certs to valid
2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=INVALID)
2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating valid certs to expired
2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=VALID)
2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: dn: cn=2,ou=certificateRepository,ou=ca,o=ipaca
2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: CertStatusUpdateTask: Updating revoked certs to expired
2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: Searching ou=certificateRepository, ou=ca,o=ipaca
2022-12-13 09:13:31 [CertStatusUpdateTask] INFO: DBVirtualList: filter: (certStatus=REVOKED)
2022-12-13 09:18:30 [CRLIssuingPoint-MasterCRL] INFO: LDAPSession: Modifying LDAP entry cn=MasterCRL,ou=crlIssuingPoints,ou=ca,o=ipaca
The debug log has no relevant error prompts.