diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2014-06-12 17:54:40 +0200 |
|---|---|---|
| committer | Petr Viktorin <pviktori@redhat.com> | 2014-07-30 16:04:21 +0200 |
| commit | a8a44c1c714714d89ee5ac9b54611278de982d52 (patch) | |
| tree | a27185db11fd8d594885d423caa15572e0de0d6c /ipa-client | |
| parent | 52f72ec058f11b3ca494c696f7d6a5e16b44cd49 (diff) | |
| download | freeipa-a8a44c1c714714d89ee5ac9b54611278de982d52.tar.gz freeipa-a8a44c1c714714d89ee5ac9b54611278de982d52.tar.xz freeipa-a8a44c1c714714d89ee5ac9b54611278de982d52.zip | |
Remove certificate "External CA cert" from /etc/pki/nssdb on client uninstall.
This is a no longer used nickname for CA certificate on CA-less server
installs.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipa-client')
| -rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 617db26f4..20ff8e12f 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -483,12 +483,16 @@ def uninstall(options, env): client_nss_nickname = client_nss_nickname_format % hostname # Remove our host cert and CA cert - if nickname_exists("IPA CA"): + for nickname in ('IPA CA', 'External CA cert'): + if not nickname_exists(nickname): + continue try: - run([paths.CERTUTIL, "-D", "-d", paths.NSS_DB_DIR, "-n", "IPA CA"]) + run([paths.CERTUTIL, "-D", + "-d", paths.NSS_DB_DIR, + "-n", nickname]) except Exception, e: root_logger.error( - "Failed to remove IPA CA from /etc/pki/nssdb: %s", str(e)) + "Failed to remove %s from /etc/pki/nssdb: %s", nickname, e) # Always start certmonger. We can't untrack something if it isn't # running |