authorRob Crittenden <rcritten@redhat.com>2008-02-14 17:39:06 -0800
committerRob Crittenden <rcritten@redhat.com>2008-02-14 17:39:06 -0800
commit5b1e7e3a5f65d193f850e2b282c611e9e2541b5c (patch)
treefe55f1a0397d60dce1d3cc23b1e477f34bedcaa3
parent71c21b5293b706b1d772d11ef8a7ba8c1a3916ef (diff)
Don't create a backup of the PKCS#12 cert on replicas
Name the file created by ipa-replica-prepare after the FQDN of the target. Resolves 432904
-rw-r--r--ipa-server/ipa-install/ipa-replica-prepare4
-rw-r--r--ipa-server/ipaserver/certs.py25
2 files changed, 17 insertions, 12 deletions
diff --git a/ipa-server/ipa-install/ipa-replica-prepare b/ipa-server/ipa-install/ipa-replica-prepare
index 7bfc79124..14e57dde3 100644
--- a/ipa-server/ipa-install/ipa-replica-prepare
+++ b/ipa-server/ipa-install/ipa-replica-prepare
@@ -150,8 +150,8 @@ def main():
print "Finalizing configuration"
save_config(dir, realm_name, host_name, ds_user)
- print "Packaging the replica into %s" % "replica-info-" + realm_name
- ipautil.run(["/bin/tar", "cfz", "replica-info-" + realm_name, "-C", top_dir, "realm_info"])
+ print "Packaging the replica into %s" % "replica-info-" + replica_fqdn
+ ipautil.run(["/bin/tar", "cfz", "replica-info-" + replica_fqdn, "-C", top_dir, "realm_info"])
shutil.rmtree(dir)
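Review bot: The archive name `"replica-info-" + replica_fqdn` is built twice and is a relative path, so the tarball is created in the current directory with whatever mode the process umask gives it. Since it packages `realm_info`, which presumably carries the replica's certificate and key material, I would build the name once, `replica_file = "replica-info-" + replica_fqdn`, and tighten the mode after tar finishes with `os.chmod(replica_file, 0600)` (assuming `os` is imported in this script). Where replica_fqdn is set is not visible in this hunk; if it comes from the command line it should be checked to contain no `/` before it is used as a file name. In the print, `%` binds before `+`, so the message is correct only by accident; `print "Packaging the replica into %s" % replica_file` states the intent. main() starts and ends outside the hunk.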
diff --git a/ipa-server/ipaserver/certs.py b/ipa-server/ipaserver/certs.py
index 67c09046d..11b1096a5 100644
--- a/ipa-server/ipaserver/certs.py
+++ b/ipa-server/ipaserver/certs.py
@@ -150,20 +150,25 @@ class CertDB(object):
"-z", self.noise_fname,
"-f", self.passwd_fname])
- def export_ca_cert(self):
+ def export_ca_cert(self, create_pkcs12=False):
+ """create_pkcs12 tells us whether we should create a PKCS#12 file
+ of the CA or not. If we are running on a replica then we won't
+ have the private key to make a PKCS#12 file so we don't need to
+ do that step."""
# export the CA cert for use with other apps
ipautil.backup_file(self.cacert_fname)
self.run_certutil(["-L", "-n", "CA certificate",
"-a",
"-o", self.cacert_fname])
self.set_perms(self.cacert_fname)
- ipautil.backup_file(self.pk12_fname)
- ipautil.run(["/usr/bin/pk12util", "-d", self.secdir,
- "-o", self.pk12_fname,
- "-n", "CA certificate",
- "-w", self.passwd_fname,
- "-k", self.passwd_fname])
- self.set_perms(self.pk12_fname)
+ if create_pkcs12:
+ ipautil.backup_file(self.pk12_fname)
+ ipautil.run(["/usr/bin/pk12util", "-d", self.secdir,
+ "-o", self.pk12_fname,
+ "-n", "CA certificate",
+ "-w", self.passwd_fname,
+ "-k", self.passwd_fname])
+ self.set_perms(self.pk12_fname)
def load_cacert(self, cacert_fname):
self.run_certutil(["-A", "-n", self.cacert_name,
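Review bot: In the `if create_pkcs12:` branch the PKCS#12 file holding the CA private key is written by pk12util first and `self.set_perms(self.pk12_fname)` runs only afterwards, so the file briefly exists with whatever mode the process umask allows. set_perms is not visible here, but assuming it restricts the mode, setting a tight umask around the pk12util call closes that window: `old_umask = os.umask(0077)` before the run and `os.umask(old_umask)` after it, ideally in a `finally`. The same file is passed for both `-k` and `-w`, so the export is protected by the database password; a short comment saying this is intended would help the next reader. The docstring would also read better with a one-line summary first, such as `"""Export the CA certificate and, optionally, the CA PKCS#12 file."""`, followed by the existing explanation of create_pkcs12.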
@@ -342,7 +347,7 @@ class CertDB(object):
self.create_passwd_file(passwd)
self.create_certdbs()
self.create_ca_cert()
- self.export_ca_cert()
+ self.export_ca_cert(True)
self.create_pin_file()
def create_from_cacert(self, cacert_fname, passwd=False):
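Review bot: The bare `True` at this call does not say what it switches on; `self.export_ca_cert(create_pkcs12=True)` can be read without looking up the signature. The same applies to `self.export_ca_cert(False)` in the following hunk, which would be clearer as `self.export_ca_cert(create_pkcs12=False)`. Because this flag decides whether the CA private key is written to disk, making the choice explicit at each call site is worth the extra characters. Both enclosing methods start outside their hunks.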
@@ -358,7 +363,7 @@ class CertDB(object):
self.import_pkcs12(pkcs12_fname, pkcs12_pwd_fname)
self.trust_root_cert(nickname)
self.create_pin_file()
- self.export_ca_cert()
+ self.export_ca_cert(False)
def backup_files(self):
sysrestore.backup_file(self.noise_fname)