Support installing with custom SSL certs, without a CA

Design: http://freeipa.org/page/V3/CA-less_install
https://fedorahosted.org/freeipa/ticket/3363

1 files changed, 4 insertions, 3 deletions

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 94d60bec6..a0f20e44b 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -536,6 +536,9 @@ def main():
             fd.write("ra_plugin=dogtag\n")
             fd.write("dogtag_version=%s\n" %
                 dogtag.install_constants.DOGTAG_VERSION)
+        else:
+            fd.write("enable_ra=False\n")
+            fd.write("ra_plugin=none\n")
         fd.write("mode=production\n")
         fd.close()
     finally:
@@ -560,9 +563,7 @@ def main():
     sstore.backup_state("install", "group_exists", group_exists)
 
     #Automatically disable pkinit w/ dogtag until that is supported
-    #[certs.ipa_self_signed() must be called only after api.finalize()]
-    if not ipautil.file_exists(config.dir + "/pkinitcert.p12") and not certs.ipa_self_signed():
-        options.setup_pkinit = False
+    options.setup_pkinit = False
 
     # Install CA cert so that we can do SSL connections with ldap
     install_ca_cert(config)