summaryrefslogtreecommitdiffstats
path: root/ipa-client/ipa-install/ipa-client-install
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2010-06-11 11:02:29 -0400
committerRob Crittenden <rcritten@redhat.com>2010-06-21 09:52:15 -0400
commit4ca95a0cbfa5bb50d90cda496db6558ba3d5544e (patch)
treeb289c9645a535aaeb8b154b317f61693215e6bda /ipa-client/ipa-install/ipa-client-install
parentebab635250715e88ed2506a8043813cc9915936b (diff)
downloadfreeipa-4ca95a0cbfa5bb50d90cda496db6558ba3d5544e.tar.gz
freeipa-4ca95a0cbfa5bb50d90cda496db6558ba3d5544e.tar.xz
freeipa-4ca95a0cbfa5bb50d90cda496db6558ba3d5544e.zip
Retrieve the CA certificate before starting enrollment.
We need the CA certificate so we can use SSL when binding with a one-time password (bulk enrollment)
Diffstat (limited to 'ipa-client/ipa-install/ipa-client-install')
-rwxr-xr-xipa-client/ipa-install/ipa-client-install11
1 files changed, 9 insertions, 2 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index c1cc40a71..5952c941b 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -539,6 +539,15 @@ def main():
if options.principal is None and options.password is None and options.prompt_password is False:
options.principal = user_input("Principal", allow_empty=False)
+ # Get the CA certificate
+ try:
+ # Remove anything already there so that wget doesn't use its
+ # too-clever renaming feature
+ os.remove("/etc/ipa/ca.crt")
+ except:
+ pass
+ run(["/usr/bin/wget", "-O", "/etc/ipa/ca.crt", "http://%s/ipa/config/ca.crt" % cli_server])
+
if not options.on_master:
# First test out the kerberos configuration
try:
@@ -621,8 +630,6 @@ def main():
return 1
print "Configured /etc/ldap.conf"
- # Get the CA certificate
- run(["/usr/bin/wget", "-O", "/etc/ipa/ca.crt", "http://%s/ipa/config/ca.crt" % cli_server])
# Add the CA to the default NSS database and trust it
run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"])
generated by cgit (git 2.34.1) at 2024-04-24 12:41:58 +0000