diff options
| author | Petr Viktorin <pviktori@redhat.com> | 2013-03-26 15:31:07 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2013-04-02 15:28:50 +0200 |
| commit | 1bc892c02daf5e6295ac2e59f17499f6f168b899 (patch) | |
| tree | db06dde803df94c98995194d6f77d8aec68031d0 /ipaserver/install/certs.py | |
| parent | 03a2c66eda695ad2d4bfe675fa2902035e6b37f0 (diff) | |
| download | freeipa-1bc892c02daf5e6295ac2e59f17499f6f168b899.tar.gz freeipa-1bc892c02daf5e6295ac2e59f17499f6f168b899.tar.xz freeipa-1bc892c02daf5e6295ac2e59f17499f6f168b899.zip | |
Load the CA cert into server NSS databases
The CA cert was not loaded, so if it was missing from the PKCS#12 file,
installation would fail.
Pass the cert filename to the server installers and include it in
the NSS DB.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3363
Diffstat (limited to 'ipaserver/install/certs.py')
| -rw-r--r-- | ipaserver/install/certs.py | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 81f403df2..4f16e4d0f 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -375,7 +375,8 @@ class NSSDatabase(object): except RuntimeError: pass else: - raise ValueError('%s contains more than one certificate') + raise ValueError('%s contains more than one certificate' % + location) def add_single_pem_cert(self, nick, flags, cert): """Import a cert in PEM format""" @@ -1127,7 +1128,8 @@ class CertDB(object): self.create_certdbs() self.load_cacert(cacert_fname) - def create_from_pkcs12(self, pkcs12_fname, pkcs12_pwd_fname, passwd=None): + def create_from_pkcs12(self, pkcs12_fname, pkcs12_pwd_fname, passwd=None, + ca_file=None): """Create a new NSS database using the certificates in a PKCS#12 file. pkcs12_fname: the filename of the PKCS#12 file @@ -1137,6 +1139,8 @@ class CertDB(object): The global CA may be added as well in case it wasn't included in the PKCS#12 file. Extra certs won't hurt in any case. + + The global CA may be specified in ca_file, as a PEM filename. """ self.create_noise_file() self.create_passwd_file(passwd) @@ -1146,6 +1150,9 @@ class CertDB(object): if len(server_certs) == 0: raise RuntimeError("Could not find a suitable server cert in import in %s" % pkcs12_fname) + if ca_file: + self.nssdb.import_pem_cert('CA', 'CT,CT,', ca_file) + # We only handle one server cert nickname = server_certs[0][0] |