Export full CA chain to /etc/ipa/ca.crt in ipa-server-install.

Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
author: Jan Cholasta <jcholast@redhat.com> 2014-07-03 11:59:00 +0200
committer: Petr Viktorin <pviktori@redhat.com> 2014-07-30 16:04:21 +0200
commit: f1e186d7d879098b37ba6c3f6ea257942381d4c1 (patch)
tree: 326a3c63dc0d21016c06e14ca9795fb3f8f60ccc /install/tools
parent: 60e19b585cc12e5b4d51b2d18c504f253cc692ca (diff)
download: freeipa-f1e186d7d879098b37ba6c3f6ea257942381d4c1.tar.gz
freeipa-f1e186d7d879098b37ba6c3f6ea257942381d4c1.tar.xz
freeipa-f1e186d7d879098b37ba6c3f6ea257942381d4c1.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 9b76e9510..dc3655b8e 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -1162,6 +1162,11 @@ def main():
             subject_base=options.subject, auto_redirect=options.ui_redirect)
     tasks.restore_context(paths.CACHE_IPA_SESSIONS)
 
+    # Export full CA chain
+    ca_db = certs.CertDB(realm_name)
+    os.chmod(CACERT, 0644)
+    ca_db.publish_ca_cert(CACERT)
+
     set_subject_in_config(realm_name, dm_password, ipautil.realm_to_suffix(realm_name), options.subject)
 
     # Apply any LDAP updates. Needs to be done after the configuration file
author	Jan Cholasta <jcholast@redhat.com>	2014-07-03 11:59:00 +0200
committer	Petr Viktorin <pviktori@redhat.com>	2014-07-30 16:04:21 +0200
commit	f1e186d7d879098b37ba6c3f6ea257942381d4c1 (patch)
tree	326a3c63dc0d21016c06e14ca9795fb3f8f60ccc /install/tools
parent	60e19b585cc12e5b4d51b2d18c504f253cc692ca (diff)
download	freeipa-f1e186d7d879098b37ba6c3f6ea257942381d4c1.tar.gz freeipa-f1e186d7d879098b37ba6c3f6ea257942381d4c1.tar.xz freeipa-f1e186d7d879098b37ba6c3f6ea257942381d4c1.zip