diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-06-17 16:47:39 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-06-23 19:04:33 -0400 |
commit | 8a32bb3746802a29b2655e4ad2cbbba8481e1eaf (patch) | |
tree | 14c7e77b744d31e303d78313cf9866502dad1ef9 /ipaserver/install/certs.py | |
parent | cbffe1d65df222acf6eb26cdaa121932a01f9ba7 (diff) | |
download | freeipa-8a32bb3746802a29b2655e4ad2cbbba8481e1eaf.tar.gz freeipa-8a32bb3746802a29b2655e4ad2cbbba8481e1eaf.tar.xz freeipa-8a32bb3746802a29b2655e4ad2cbbba8481e1eaf.zip |
Make dogtag an optional (and default un-) installed component in a replica.
A dogtag replica file is created as usual. When the replica is installed
dogtag is optional and not installed by default. Adding the --setup-ca
option will configure it when the replica is installed.
A new tool ipa-ca-install will configure dogtag if it wasn't configured
when the replica was initially installed.
This moves a fair bit of code out of ipa-replica-install into
installutils and cainstance to avoid duplication.
https://fedorahosted.org/freeipa/ticket/1251
Diffstat (limited to 'ipaserver/install/certs.py')
-rw-r--r-- | ipaserver/install/certs.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 07dda2cc0..ebe654dd3 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -446,6 +446,7 @@ class CertDB(object): return cert else: (cert, start) = find_cert_from_txt(cert, start=0) + cert = x509.strip_header(cert) dercert = base64.b64decode(cert) return dercert except ipautil.CalledProcessError: @@ -475,7 +476,8 @@ class CertDB(object): service.stop("certmonger") cert = self.get_cert_from_db(nickname) - subject = str(x509.get_subject(cert)) + nsscert = x509.load_certificate(cert, dbdir=self.secdir) + subject = str(nsscert.subject) m = re.match('New tracking request "(\d+)" added', stdout) if not m: logging.error('Didn\'t get new certmonger request, got %s' % stdout) |