Use the caIPAserviceCert profile for issuing service certs.

This profile enables subject validation and ensures that the subject
that the CA issues is uniform. The client can only request a specific
CN, the rest of the subject is fixed.

This is the first step of allowing the subject to be set at
installation time.

Also fix 2 more issues related to the return results migration.

1 files changed, 2 insertions, 2 deletions

diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py
index a7cd4155f..a22d0753e 100644
--- a/ipalib/plugins/cert.py
+++ b/ipalib/plugins/cert.py
@@ -179,7 +179,7 @@ class cert_request(VirtualCommand):
         # going to add it
         try:
             if not principal.startswith('host/'):
-                service = api.Command['service_show'](principal, all=True, raw=True)
+                service = api.Command['service_show'](principal, all=True, raw=True)['result']
                 dn = service['dn']
             else:
                 realm = principal.find('@')
@@ -196,7 +196,7 @@ class cert_request(VirtualCommand):
             if not add:
                 raise errors.NotFound(reason="The service principal for this request doesn't exist.")
             try:
-                service = api.Command['service_add'](principal, **{})
+                service = api.Command['service_add'](principal, **{})['result']
                 dn = service['dn']
             except errors.ACIError:
                 raise errors.ACIError(info='You need to be a member of the serviceadmin role to add services')