diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2013-10-16 09:04:21 +0000 |
|---|---|---|
| committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-25 16:54:55 +0100 |
| commit | fac6bf30b6ed91ab595e8a5e5c39a5934de6f0b6 (patch) | |
| tree | c23db637dc7d1bdb216f577bb09928f935d714d3 /install/restart_scripts | |
| parent | 2c466b79e80b8549831357b05891f3fb8dcbdaa0 (diff) | |
| download | freeipa-fac6bf30b6ed91ab595e8a5e5c39a5934de6f0b6.tar.gz freeipa-fac6bf30b6ed91ab595e8a5e5c39a5934de6f0b6.tar.xz freeipa-fac6bf30b6ed91ab595e8a5e5c39a5934de6f0b6.zip | |
Merge restart_httpd functionality to renew_ra_cert.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'install/restart_scripts')
| -rw-r--r-- | install/restart_scripts/renew_ra_cert | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert index 7dc2c57e7..79bc4cf58 100644 --- a/install/restart_scripts/renew_ra_cert +++ b/install/restart_scripts/renew_ra_cert @@ -34,15 +34,17 @@ def main(): api.bootstrap(context='restart') api.finalize() - # Fetch the new certificate - db = certs.CertDB(api.env.realm) - dercert = db.get_cert_from_db(nickname, pem=False) - if not dercert: - syslog.syslog(syslog.LOG_ERR, 'No certificate %s found.' % nickname) - sys.exit(1) - - # Load it into dogtag - cainstance.update_people_entry(dercert) + ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR) + if ca.is_renewal_master(): + # Fetch the new certificate + db = certs.CertDB(api.env.realm) + dercert = db.get_cert_from_db(nickname, pem=False) + if not dercert: + syslog.syslog(syslog.LOG_ERR, 'No certificate %s found.' % nickname) + sys.exit(1) + + # Load it into dogtag + cainstance.update_people_entry(dercert) # Now restart Apache so the new certificate is available syslog.syslog(syslog.LOG_NOTICE, "Restarting httpd") |