diff options
author | Simo Sorce <ssorce@redhat.com> | 2010-11-03 18:17:36 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2010-11-18 15:09:57 -0500 |
commit | 345fc79f039d217316c5d2df5ef59952a8130a96 (patch) | |
tree | 7ded40f684ab7c31edf9f052b9a34afb8729c2af /ipaserver/install/certs.py | |
parent | 8c616eb10a5f246a9518a8ae20a4144c756d5b61 (diff) | |
download | freeipa-345fc79f039d217316c5d2df5ef59952a8130a96.tar.gz freeipa-345fc79f039d217316c5d2df5ef59952a8130a96.tar.xz freeipa-345fc79f039d217316c5d2df5ef59952a8130a96.zip |
pkinit-replica: create certificates for replicas too
altough the kdc certificate name is not tied to the fqdn we create separate
certs for each KDC so that renewal of each of them is done separately.
Diffstat (limited to 'ipaserver/install/certs.py')
-rw-r--r-- | ipaserver/install/certs.py | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 3fa65207c..bd5c7bf9c 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -865,6 +865,13 @@ class CertDB(object): "-k", self.passwd_fname, "-w", pkcs12_pwd_fname]) + def export_pem_p12(self, pkcs12_fname, pkcs12_pwd_fname, + nickname, pem_fname): + ipautil.run(["/usr/bin/openssl", "pkcs12", + "-export", "-name", nickname, + "-in", pem_fname, "-out", pkcs12_fname, + "-passout", "file:" + pkcs12_pwd_fname]) + def create_self_signed(self, passwd=None): self.create_noise_file() self.create_passwd_file(passwd) @@ -1017,6 +1024,11 @@ class CertDB(object): os.unlink(key_fname) os.unlink(cert_fname) + def install_pem_from_p12(self, p12_fname, p12_pwd_fname, pem_fname): + ipautil.run(["/usr/bin/openssl", "pkcs12", "-nodes", + "-in", p12_fname, "-out", pem_fname, + "-passin", "file:" + p12_pwd_fname]) + def backup_files(self): self.fstore.backup_file(self.noise_fname) self.fstore.backup_file(self.passwd_fname) |