diff options
author | Jan Cholasta <jcholast@redhat.com> | 2013-04-15 12:19:11 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-04-15 21:12:36 +0200 |
commit | f684c6d6f8f8cde5689a92cf2b06914c3e3da34c (patch) | |
tree | 807412f94d71a20b279fcdb02835fb0d2f46f654 /ipaserver/install/cainstance.py | |
parent | ddeb1cea5564093799a6352b2c25bda68d971ce3 (diff) | |
download | freeipa-f684c6d6f8f8cde5689a92cf2b06914c3e3da34c.tar.gz freeipa-f684c6d6f8f8cde5689a92cf2b06914c3e3da34c.tar.xz freeipa-f684c6d6f8f8cde5689a92cf2b06914c3e3da34c.zip |
Use A/AAAA records instead of CNAME records in ipa-ca.
https://fedorahosted.org/freeipa/ticket/3547
Diffstat (limited to 'ipaserver/install/cainstance.py')
-rw-r--r-- | ipaserver/install/cainstance.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 3476b2c85..8c8994796 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -64,7 +64,7 @@ PKI_DS_USER = dogtag.install_constants.DS_USER # When IPA is installed with DNS support, this CNAME should hold all IPA # replicas with CA configured -IPA_CA_CNAME = "ipa-ca" +IPA_CA_RECORD = "ipa-ca" # We need to reset the template because the CA uses the regular boot # information @@ -1271,7 +1271,7 @@ class CAInstance(service.Service): changed = False # OCSP extension - ocsp_url = 'http://%s.%s/ca/ocsp' % (IPA_CA_CNAME, ipautil.format_netloc(domain)) + ocsp_url = 'http://%s.%s/ca/ocsp' % (IPA_CA_RECORD, ipautil.format_netloc(domain)) ocsp_location_0 = installutils.get_directive( self.dogtag_constants.IPA_SERVICE_PROFILE, @@ -1298,7 +1298,7 @@ class CAInstance(service.Service): # CRL extension - crl_url = 'http://%s.%s/ipa/crl/MasterCRL.bin'% (IPA_CA_CNAME, ipautil.format_netloc(domain)) + crl_url = 'http://%s.%s/ipa/crl/MasterCRL.bin'% (IPA_CA_RECORD, ipautil.format_netloc(domain)) crl_point_0 = installutils.get_directive( self.dogtag_constants.IPA_SERVICE_PROFILE, |