author | Rob Crittenden <rcritten@redhat.com> | 2010-06-11 11:02:29 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-06-21 09:52:15 -0400 |
commit | 4ca95a0cbfa5bb50d90cda496db6558ba3d5544e (patch) | |
tree | b289c9645a535aaeb8b154b317f61693215e6bda | |
parent | ebab635250715e88ed2506a8043813cc9915936b (diff) | |
Retrieve the CA certificate before starting enrollment.
We need the CA certificate so we can use SSL when binding with a
one-time password (bulk enrollment)
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index c1cc40a71..5952c941b 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -539,6 +539,15 @@ def main():
 if options.principal is None and options.password is None and options.prompt_password is False:
 options.principal = user_input("Principal", allow_empty=False)
+ # Get the CA certificate
+ try:
+ # Remove anything already there so that wget doesn't use its
+ # too-clever renaming feature
+ os.remove("/etc/ipa/ca.crt")
+ except:
+ pass
+ run(["/usr/bin/wget", "-O", "/etc/ipa/ca.crt", "http://%s/ipa/config/ca.crt" % cli_server])
+
 if not options.on_master:
 # First test out the kerberos configuration
 try:
@@ -621,8 +630,6 @@ def main():
 return 1
 print "Configured /etc/ldap.conf"
- # Get the CA certificate
- run(["/usr/bin/wget", "-O", "/etc/ipa/ca.crt", "http://%s/ipa/config/ca.crt" % cli_server])
 # Add the CA to the default NSS database and trust it
 run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"]) |
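Review bot: The CA certificate is fetched over plain `http://` in the added `run(["/usr/bin/wget", ...])` call and, per the commit message, then becomes the trust anchor for the SSL bind that carries the one-time password, so nothing authenticates the file that is meant to authenticate the server. A tampered HTTP response would be trusted for that bind and later imported by the `certutil -A ... -t "CT,C,C"` call visible in the second hunk; consider accepting a pre-provisioned CA file or an expected fingerprint from the administrator and comparing it before the certificate is used. Separately, the bare `except: pass` around `os.remove("/etc/ipa/ca.crt")` hides every failure, not only a missing file; `except OSError, e:` followed by `if e.errno != errno.ENOENT: raise` would keep permission and I/O errors visible (this assumes `errno` is imported, which the hunk does not show). Whether `run()` raises when wget fails is not visible here, so a comment stating that enrollment aborts on a failed download would help; `main()` starts and ends outside the hunk.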