authorSimo Sorce <ssorce@redhat.com>2010-12-08 16:35:12 -0500
committerSimo Sorce <ssorce@redhat.com>2010-12-10 12:28:38 -0500
commitbfaea1dd78bbf6de0248ef8e33784d57ead9d24a (patch)
treed4a027d5056ea909017536de111d47394e9271b3 /ipaserver/install/cainstance.py
parent2efc08a6fc8c0407ff2169e3ef7eed92eaaa6545 (diff)
Move Selfsigned CA creation out of dsinstance
This allows us to have the CA ready to serve out certs for any operation even before the dsinstance is created. The CA is independent of the dsinstance anyway. Also fixes: https://fedorahosted.org/freeipa/ticket/544
Diffstat (limited to 'ipaserver/install/cainstance.py')
-rw-r--r--ipaserver/install/cainstance.py10
1 files changed, 5 insertions, 5 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 4a645bc84..e03adfb9b 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -341,8 +341,8 @@ class CADSInstance(service.Service):
class CAInstance(service.Service):
"""
- In the self-signed case (all done in certs.py) the CA exists in the DS
- database. When using a dogtag CA the DS database contains just the
+ In the self-signed case the CA exists in the NSS_DB database.
+ When using a dogtag CA the DS database contains just the
server cert for DS. The mod_nss database will contain the RA agent
cert that will be used to do authenticated requests against dogtag.
@@ -357,7 +357,7 @@ class CAInstance(service.Service):
2 = have signed cert, continue installation
"""
- def __init__(self, realm):
+ def __init__(self, realm, ra_db):
service.Service.__init__(self, "pki-cad")
self.realm = realm
self.pki_user = "pkiuser"
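Review bot: The new `ra_db` argument on `def __init__(self, realm, ra_db):` is required, and nothing in the visible part of the class docstring says what it must be. Since it replaces the hard-coded `/etc/httpd/alias`, I would add a docstring line such as `ra_db: directory of the NSS database that holds the RA agent cert and its pwdfile.txt`. Other callers are presumably updated elsewhere in this commit, which this page does not show; any that are not will fail with a TypeError. The body of `__init__` continues past this hunk.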
@@ -378,7 +378,7 @@ class CAInstance(service.Service):
self.canickname = get_ca_nickname(realm)
self.basedn = "o=ipaca"
self.ca_agent_db = tempfile.mkdtemp(prefix = "tmp-")
- self.ra_agent_db = "/etc/httpd/alias"
+ self.ra_agent_db = ra_db
self.ra_agent_pwd = self.ra_agent_db + "/pwdfile.txt"
self.ds_port = DEFAULT_DSPORT
self.domain_name = "IPA"
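Review bot: `self.ra_agent_db = ra_db` takes the caller's value unchecked, and the next line derives the password-file path from it by string concatenation. An empty string would point `ra_agent_pwd` at `/pwdfile.txt`, and a relative path would resolve against the installer's working directory; neither is a suitable place for a file that, judging by its name, holds the NSS database password. I would reject such values up front, e.g. `if not ra_db or not os.path.isabs(ra_db): raise ValueError("ra_db must be an absolute directory path")`, and build the path with `os.path.join(self.ra_agent_db, "pwdfile.txt")`, assuming `os` is imported in this module. `__init__` starts and ends outside this hunk.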
@@ -1000,5 +1000,5 @@ if __name__ == "__main__":
installutils.standard_logging_setup("install.log", False)
cs = CADSInstance()
cs.create_instance("dirsrv", "EXAMPLE.COM", "catest.example.com", "example.com", "password")
- ca = CAInstance("EXAMPLE.COM")
+ ca = CAInstance("EXAMPLE.COM", "/etc/httpd/alias")
ca.configure_instance("pkiuser", "catest.example.com", "password", "password")