diff options
| author | Simo Sorce <ssorce@redhat.com> | 2010-12-08 16:35:12 -0500 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2010-12-10 12:28:38 -0500 |
| commit | bfaea1dd78bbf6de0248ef8e33784d57ead9d24a (patch) | |
| tree | d4a027d5056ea909017536de111d47394e9271b3 /install/tools/ipa-server-install | |
| parent | 2efc08a6fc8c0407ff2169e3ef7eed92eaaa6545 (diff) | |
| download | freeipa-bfaea1dd78bbf6de0248ef8e33784d57ead9d24a.tar.gz freeipa-bfaea1dd78bbf6de0248ef8e33784d57ead9d24a.tar.xz freeipa-bfaea1dd78bbf6de0248ef8e33784d57ead9d24a.zip | |
Move Selfsigned CA creation out of dsinstance
This allows us to have the CA ready to serve out certs for any operation even
before the dsinstance is created. The CA is independent of the dsinstance
anyway.
Also fixes: https://fedorahosted.org/freeipa/ticket/544
Diffstat (limited to 'install/tools/ipa-server-install')
| -rwxr-xr-x | install/tools/ipa-server-install | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 67c1a004e..7fa6c71df 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -420,8 +420,8 @@ def uninstall(): ntpinstance.NTPInstance(fstore).uninstall() if cainstance.CADSInstance().is_configured(): cainstance.CADSInstance().uninstall() - if cainstance.CAInstance(api.env.realm).is_configured(): - cainstance.CAInstance(api.env.realm).uninstall() + if cainstance.CAInstance(api.env.realm, certs.NSS_DIR).is_configured(): + cainstance.CAInstance(api.env.realm, certs.NSS_DIR).uninstall() bindinstance.BindInstance(fstore).uninstall() httpinstance.HTTPInstance(fstore).uninstall() krbinstance.KrbInstance(fstore).uninstall() @@ -693,7 +693,12 @@ def main(): ntp = ntpinstance.NTPInstance(fstore) ntp.create_instance() - if not options.selfsign: + if options.selfsign: + ca = certs.CertDB(realm_name, host_name=host_name, + subject_base=options.subject) + ca.create_self_signed() + ca.publish_ca_cert("/etc/ipa/ca.crt") + else: # Clean up any previous self-signed CA that may exist try: os.remove(certs.CA_SERIALNO) @@ -720,7 +725,7 @@ def main(): if options.external_cert_file is None: cs = cainstance.CADSInstance() cs.create_instance("pkisrv", realm_name, host_name, domain_name, dm_password) - ca = cainstance.CAInstance(realm_name) + ca = cainstance.CAInstance(realm_name, certs.NSS_DIR) if external == 0: ca.configure_instance("pkiuser", host_name, dm_password, dm_password, subject_base=options.subject) elif external == 1: |