The main goal of this tool is to provide verifications that can be run on a FreeIPA environment, giving the project's users feedback about their certificates.
- Check if the certificates expired (or are not valid yet)
- Check if the certificates are on the right path
- Check if they have the expected trust flags
- Check if certmonger is monitoring the certs
- If the environment has the KRA module, check if it has the right certificate.
- Check if PKI certificates in IPA NSS databases map correctly to PKI user in PKI LDAP DB
- Clone the project
git clone https://github.com/felipevolpone/freeipa-health-checker.git
cd freeipa-health-checker
- Start using it:
PS: All commands have the optional config-file argument. With it, you can provide a YAML file that overrides the default configuration. Check it here for more details.
python -m freeipa_health_checker.checker -h
python -m freeipa_health_checker.checker ck_kra_setup [--config-file]
python -m freeipa_health_checker.checker full_check [--config-file]
python -m freeipa_health_checker.checker ck_ra_cert [--pem-dir | --nssdb-dir]
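The trust-flag check from the list above, sketched as an added example that is not the project's own code: it parses `certutil -L` listing text and reports nicknames whose flags differ from an expected set or that are missing. The sample output and the `EXPECTED_FLAGS` values are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample of `certutil -L -d <nssdb>` output (not from a real host).
SAMPLE_CERTUTIL_OUTPUT = """
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

caSigningCert cert-pki-ca                                    CTu,Cu,Cu
auditSigningCert cert-pki-ca                                 u,u,u
Server-Cert cert-pki-ca                                      u,u,u
"""

# Assumed expectations for this example; supply the values for your deployment.
EXPECTED_FLAGS = {
    "caSigningCert cert-pki-ca": "CTu,Cu,Cu",
    "auditSigningCert cert-pki-ca": "u,u,Pu",
    "subsystemCert cert-pki-ca": "u,u,u",
    "Server-Cert cert-pki-ca": "u,u,u",
}

# Nickname (may contain spaces), whitespace, then three comma-separated flag fields.
LINE_RE = re.compile(r"^(?P<nick>\S.*?)\s+(?P<flags>[A-Za-z]*,[A-Za-z]*,[A-Za-z]*)\s*$")

def parse_certutil_list(output):
    """Return {nickname: trust_flags} from `certutil -L` listing text."""
    certs = {}
    for line in output.splitlines():
        match = LINE_RE.match(line)  # header and blank lines do not match
        if match:
            certs[match.group("nick")] = match.group("flags")
    return certs

def normalize(flags):
    """Compare flag sets per field, so 'CTu' and 'uTC' are treated as equal."""
    return tuple(frozenset(field) for field in flags.split(","))

def check_trust_flags(output, expected):
    """Return a sorted list of (nickname, expected, found) for every mismatch."""
    found = parse_certutil_list(output)
    problems = []
    for nick, want in expected.items():
        have = found.get(nick)  # None means the cert is missing from the database
        if have is None or normalize(have) != normalize(want):
            problems.append((nick, want, have))
    return sorted(problems)

if __name__ == "__main__":
    for nick, want, have in check_trust_flags(SAMPLE_CERTUTIL_OUTPUT, EXPECTED_FLAGS):
        print(f"{nick}: expected {want}, found {have or 'missing'}")
```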
Please check the Wiki on the GitHub page.
Since this is part of the FreeIPA project, you can join us in the #freeipa channel on freenode.
This project is currently a proof of concept (PoC), which means that things can change quickly and without prior warning.
Note that the unit tests do not use any mocks, so the certutil command must be installed on the machine. Check the How to use it section.
How to run the tests:
python -m unittest discover tests -p '*.py'
Please check the issues