Make dogtag an optional (and default un-) installed component in a replica.

A dogtag replica file is created as usual. When the replica is installed dogtag is optional and not installed by default. Adding the --setup-ca option will configure it when the replica is installed. A new tool ipa-ca-install will configure dogtag if it wasn't configured when the replica was initially installed. This moves a fair bit of code out of ipa-replica-install into installutils and cainstance to avoid duplication. https://fedorahosted.org/freeipa/ticket/1251
author: Rob Crittenden <rcritten@redhat.com> 2011-06-17 16:47:39 -0400
committer: Rob Crittenden <rcritten@redhat.com> 2011-06-23 19:04:33 -0400
commit: 8a32bb3746802a29b2655e4ad2cbbba8481e1eaf (patch)
tree: 14c7e77b744d31e303d78313cf9866502dad1ef9 /ipaserver/install/certs.py
parent: cbffe1d65df222acf6eb26cdaa121932a01f9ba7 (diff)
download: freeipa-8a32bb3746802a29b2655e4ad2cbbba8481e1eaf.tar.gz
freeipa-8a32bb3746802a29b2655e4ad2cbbba8481e1eaf.tar.xz
freeipa-8a32bb3746802a29b2655e4ad2cbbba8481e1eaf.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 07dda2cc0..ebe654dd3 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -446,6 +446,7 @@ class CertDB(object):
                 return cert
             else:
                 (cert, start) = find_cert_from_txt(cert, start=0)
+                cert = x509.strip_header(cert)
                 dercert = base64.b64decode(cert)
                 return dercert
         except ipautil.CalledProcessError:
@@ -475,7 +476,8 @@ class CertDB(object):
 
         service.stop("certmonger")
         cert = self.get_cert_from_db(nickname)
-        subject = str(x509.get_subject(cert))
+        nsscert = x509.load_certificate(cert, dbdir=self.secdir)
+        subject = str(nsscert.subject)
         m = re.match('New tracking request "(\d+)" added', stdout)
         if not m:
             logging.error('Didn\'t get new certmonger request, got %s' % stdout)
author	Rob Crittenden <rcritten@redhat.com>	2011-06-17 16:47:39 -0400
committer	Rob Crittenden <rcritten@redhat.com>	2011-06-23 19:04:33 -0400
commit	8a32bb3746802a29b2655e4ad2cbbba8481e1eaf (patch)
tree	14c7e77b744d31e303d78313cf9866502dad1ef9 /ipaserver/install/certs.py
parent	cbffe1d65df222acf6eb26cdaa121932a01f9ba7 (diff)
download	freeipa-8a32bb3746802a29b2655e4ad2cbbba8481e1eaf.tar.gz freeipa-8a32bb3746802a29b2655e4ad2cbbba8481e1eaf.tar.xz freeipa-8a32bb3746802a29b2655e4ad2cbbba8481e1eaf.zip