Introduce NSS database /etc/ipa/nssdb

This is the new default NSS database for IPA. /etc/pki/nssdb is still maintained for backward compatibility. https://fedorahosted.org/freeipa/ticket/3259 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
author: Jan Cholasta <jcholast@redhat.com> 2014-09-18 16:28:59 +0200
committer: Martin Kosek <mkosek@redhat.com> 2014-09-30 10:01:38 +0200
commit: 231f57cedb4fea26d3317fe2b1f30d043c7d2524 (patch)
tree: 568ca28e1e09751d0d8296d1d4338af813002e59 /ipa-client/ipaclient
parent: 2421b13a9b8bd79084e9cfe488690057445d7aa7 (diff)
download: freeipa-231f57cedb4fea26d3317fe2b1f30d043c7d2524.tar.gz
freeipa-231f57cedb4fea26d3317fe2b1f30d043c7d2524.tar.xz
freeipa-231f57cedb4fea26d3317fe2b1f30d043c7d2524.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/ipa-client/ipaclient/ipa_certupdate.py b/ipa-client/ipaclient/ipa_certupdate.py
index 8e7fe0470..57dbf200b 100644
--- a/ipa-client/ipaclient/ipa_certupdate.py
+++ b/ipa-client/ipaclient/ipa_certupdate.py
@@ -70,6 +70,15 @@ class CertUpdate(admintool.AdminTool):
 
     def update_client(self, certs):
         self.update_file(paths.IPA_CA_CRT, certs)
+        self.update_db(paths.IPA_NSSDB_DIR, certs)
+
+        for nickname in ('IPA CA', 'External CA cert'):
+            try:
+                ipautil.run([paths.CERTUTIL, '-D',
+                             '-d', paths.NSS_DB_DIR,
+                             '-n', nickname])
+            except ipautil.CalledProcessError, e:
+                pass
 
         self.update_db(paths.NSS_DB_DIR, certs)
author	Jan Cholasta <jcholast@redhat.com>	2014-09-18 16:28:59 +0200
committer	Martin Kosek <mkosek@redhat.com>	2014-09-30 10:01:38 +0200
commit	231f57cedb4fea26d3317fe2b1f30d043c7d2524 (patch)
tree	568ca28e1e09751d0d8296d1d4338af813002e59 /ipa-client/ipaclient
parent	2421b13a9b8bd79084e9cfe488690057445d7aa7 (diff)
download	freeipa-231f57cedb4fea26d3317fe2b1f30d043c7d2524.tar.gz freeipa-231f57cedb4fea26d3317fe2b1f30d043c7d2524.tar.xz freeipa-231f57cedb4fea26d3317fe2b1f30d043c7d2524.zip