authorRob Crittenden <rcritten@redhat.com>2014-08-08 16:09:42 -0400
committerRob Crittenden <rcritten@redhat.com>2012-09-06 19:09:18 -0400
commit0f81268ec4a006625c8286ac7c6f5fed5aab7346 (patch)
tree849b599137a4e88f9c364c9867b08977c12d516a /ipaserver/install/cainstance.py
parentf33adf22f80ebcdc0a17d732af99e0529df654f2 (diff)
Fix some restart script issues found with certificate renewal.
The restart_dirsrv script wasn't initializing the api so the startup_timeout wasn't available. The subsystemCert cert-pki-ca definition was missing so we didn't know which certificate to update in CS.cfg. Add some documentation and a pause between restarts for the renew_ca_cert script so that when the CA subsystem certs are renewed they don't all try to restart the CA at the same time. https://fedorahosted.org/freeipa/ticket/3006
Diffstat (limited to 'ipaserver/install/cainstance.py')
-rw-r--r--ipaserver/install/cainstance.py1
1 files changed, 1 insertions, 0 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index b00ceeaed..1d953757c 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1320,6 +1320,7 @@ def update_cert_config(nickname, cert):
directives = {'auditSigningCert cert-pki-ca': 'ca.audit_signing.cert',
'ocspSigningCert cert-pki-ca': 'ca.ocsp_signing.cert',
'caSigningCert cert-pki-ca': 'ca.signing.cert',
+ 'subsystemCert cert-pki-ca': 'ca.subsystem.cert',
'Server-Cert cert-pki-ca': 'ca.sslserver.cert' }
installutils.set_directive('/var/lib/%s/conf/CS.cfg' % PKI_INSTANCE_NAME,