author | Simo Sorce <ssorce@redhat.com> | 2010-12-08 16:35:12 -0500 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2010-12-10 12:28:38 -0500 |
commit | bfaea1dd78bbf6de0248ef8e33784d57ead9d24a (patch) | |
tree | d4a027d5056ea909017536de111d47394e9271b3 /ipaserver/install/certs.py | |
parent | 2efc08a6fc8c0407ff2169e3ef7eed92eaaa6545 (diff) | |
Move Selfsigned CA creation out of dsinstance
This allows us to have the CA ready to serve out certs for any operation even
before the dsinstance is created. The CA is independent of the dsinstance
anyway.
Also fixes: https://fedorahosted.org/freeipa/ticket/544
Diffstat (limited to 'ipaserver/install/certs.py')
-rw-r--r-- | ipaserver/install/certs.py | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index bd5c7bf9c..0a40c667c 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -47,6 +47,10 @@ from ipalib import api
 from ipalib.compat import sha1
+# Apache needs access to this database so we need to create it
+# where apache can reach
+NSS_DIR = "/etc/httpd/alias"
+
 CA_SERIALNO="/var/lib/ipa/ca_serialno"
 def ipa_self_signed():
@@ -163,7 +167,7 @@ def next_replica(serial_file=CA_SERIALNO):
 return str(serial)
 class CertDB(object):
- def __init__(self, nssdir, realm, fstore=None, host_name=None, subject_base=None):
+ def __init__(self, realm, nssdir=NSS_DIR, fstore=None, host_name=None, subject_base=None):
 self.secdir = nssdir
 self.realm = realm
@@ -1040,3 +1044,7 @@ class CertDB(object):
 self.fstore.backup_file(self.pin_fname)
 self.fstore.backup_file(self.certreq_fname)
 self.fstore.backup_file(self.certder_fname)
+
+ def publish_ca_cert(self, location):
+ shutil.copy(self.cacert_fname, location)
+ os.chmod(location, 0444) |
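Review bot: The comment above `NSS_DIR` in the first hunk explains why the database lives under `/etc/httpd/alias` but not what ownership and mode the directory and its files must have. That matters if the self-signed CA's private key and pin file end up in the same database Apache reads, which this hunk does not show. I would extend the comment with something like `# Holds key material: directory and files must not be world-readable, and the web server needs read access only`, and have the code that creates the database enforce it.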
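Review bot: Swapping the first two positional parameters of `CertDB.__init__` in the second hunk means a caller still written as `CertDB(nssdir, realm)` keeps running with the values exchanged, so `self.secdir` becomes the realm string and the NSS database would be created or looked up under a relative path. The callers are outside this diff (the diffstat is limited to certs.py), so each one needs checking. A cheap guard in the constructor would turn a stale call into an immediate error: `if not os.path.isabs(nssdir): raise ValueError("nssdir must be an absolute path: %r" % nssdir)` (`os` is already used by the new `publish_ca_cert`). A docstring on `__init__` naming the new argument order would help too; the body of `__init__` continues outside the hunk.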
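Review bot: `publish_ca_cert` in the third hunk mishandles a `location` that is an existing directory: `shutil.copy` writes the certificate inside it under the source's basename, and `os.chmod(location, 0444)` then strips the search bit from the directory instead of setting the file's mode. Either reject that case up front with `if os.path.isdir(location): raise ValueError("location must be a file path")`, or chmod the path that was actually written. The installer presumably runs as root and `shutil.copy` writes through whatever already exists at `location`, so the destination should sit in a directory only root can write, and the docstring should say so. The method has no docstring yet; a one-liner such as `"""Copy the CA certificate to location and make it read-only for everyone."""` would do. The enclosing `CertDB` class starts outside the hunk.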