diff options
author | Petr Viktorin <pviktori@redhat.com> | 2013-03-14 13:58:27 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-04-02 15:28:50 +0200 |
commit | 03a2c66eda695ad2d4bfe675fa2902035e6b37f0 (patch) | |
tree | 6f497733efb8da696a82730f455ad4b6310bb612 /install/tools/ipa-replica-install | |
parent | a03aba5704036e375fab36ed2b7cbbc31adf5411 (diff) | |
download | freeipa-03a2c66eda695ad2d4bfe675fa2902035e6b37f0.tar.gz freeipa-03a2c66eda695ad2d4bfe675fa2902035e6b37f0.tar.xz freeipa-03a2c66eda695ad2d4bfe675fa2902035e6b37f0.zip |
Support installing with custom SSL certs, without a CA
Design: http://freeipa.org/page/V3/CA-less_install
https://fedorahosted.org/freeipa/ticket/3363
Diffstat (limited to 'install/tools/ipa-replica-install')
-rwxr-xr-x | install/tools/ipa-replica-install | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 94d60bec6..a0f20e44b 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -536,6 +536,9 @@ def main(): fd.write("ra_plugin=dogtag\n") fd.write("dogtag_version=%s\n" % dogtag.install_constants.DOGTAG_VERSION) + else: + fd.write("enable_ra=False\n") + fd.write("ra_plugin=none\n") fd.write("mode=production\n") fd.close() finally: @@ -560,9 +563,7 @@ def main(): sstore.backup_state("install", "group_exists", group_exists) #Automatically disable pkinit w/ dogtag until that is supported - #[certs.ipa_self_signed() must be called only after api.finalize()] - if not ipautil.file_exists(config.dir + "/pkinitcert.p12") and not certs.ipa_self_signed(): - options.setup_pkinit = False + options.setup_pkinit = False # Install CA cert so that we can do SSL connections with ldap install_ca_cert(config) |