--- loncom/Lond.pm 2018/12/10 18:56:18 1.13
+++ loncom/Lond.pm 2018/12/22 17:06:02 1.14
@@ -1,6 +1,6 @@
 # The LearningOnline Network
 #
-# $Id: Lond.pm,v 1.13 2018/12/10 18:56:18 raeburn Exp $
+# $Id: Lond.pm,v 1.14 2018/12/22 17:06:02 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -821,6 +821,12 @@ sub server_certs {
 ca => 'lonnetCertificateAuthority',
 );
 my (%md5hash,%expected_cn,%expired,%revoked,%wrongcn,%info,$crlfile);
+ %info = (
+ key => {},
+ ca => {},
+ host => {},
+ hostname => {},
+ );
 if (ref($perlvar) eq 'HASH') {
 $expected_cn{'host'} = $Apache::lonnet::serverhomeIDs{$hostname};
 $expected_cn{'hostname'} = 'internal-'.$hostname;
@@ -877,6 +883,7 @@ sub server_certs {
 $info{$key}{'size'} = $x509->bit_length();
 $info{$key}{'email'} = $x509->email();
 $info{$key}{'serial'} = $x509->serial();
+ $info{$key}{'issuerhash'} = $x509->issuer_hash();
 if ($x509->checkend(0)) {
 $expired{$key} = 1;
 }
@@ -939,6 +946,9 @@ sub server_certs {
 $info{$key}{'status'} = 'expired';
 } elsif ($wrongcn{$key}) {
 $info{$key}{'status'} = 'wrongcn';
+ } elsif ((exists($info{'ca'}{'issuerhash'})) &&
+ ($info{'ca'}{'issuerhash'} ne $info{$key}{'issuerhash'})) {
+ $info{$key}{'status'} = 'mismatch';
 } else {
 $info{$key}{'status'} = 'ok';
 }
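Review bot: The `%info = ( key => {}, ca => {}, host => {}, hostname => {} );` seed in the `@@ -821,6 +821,12 @@` hunk has no comment saying why the four slots are created up front. After it, all four keys exist in `%info` even when the matching file is never read, so any consumer that tests `exists $info{...}` or the truth of the slot to decide whether a certificate was found would now see one; whether such a consumer exists cannot be seen from here, since server_certs continues outside the hunk. If the aim is a stable return shape, a line such as `# Always return all four slots, empty when the file is missing or unreadable` above the assignment would record that. The seed could also be folded into the declaration as `my %info = (...)` rather than assigned on a separate statement.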
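Review bot: In the status chain of the `@@ -939,6 +946,9 @@` hunk, the new `mismatch` branch compares two issuer-name hashes, which shows that the names agree but not that the CA key signed the certificate, so `ok` here should not be read as chain validation. The value compared is the CA certificate's own issuer hash (stored by the `@@ -877,6 +883,7 @@` hunk), which equals its subject hash only for a self-signed root; assuming `$x509` is a Crypt::OpenSSL::X509 object, also recording `$info{$key}{'subjecthash'} = $x509->subject_hash();` and testing `$info{'ca'}{'subjecthash'} ne $info{$key}{'issuerhash'}` would hold for an intermediate CA as well. If `$info{$key}{'issuerhash'}` was never set, for example for the `key` slot should the loop (which starts outside the hunk) visit it, `ne` compares against undef and reports `mismatch` with a warning, so a `defined` test on both sides is safer than `exists` on one. When the CA file was not parsed the branch is skipped and the status falls through to `ok`, which is worth a comment or a distinct status.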