author | Simo Sorce <ssorce@redhat.com> | 2010-12-08 16:35:12 -0500 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2010-12-10 12:28:38 -0500 |
commit | bfaea1dd78bbf6de0248ef8e33784d57ead9d24a (patch) | |
tree | d4a027d5056ea909017536de111d47394e9271b3 /ipaserver/install/dsinstance.py | |
parent | 2efc08a6fc8c0407ff2169e3ef7eed92eaaa6545 (diff) | |
Move Selfsigned CA creation out of dsinstance
This allows us to have the CA ready to serve out certs for any operation even
before the dsinstance is created. The CA is independent of the dsinstance
anyway.
Also fixes: https://fedorahosted.org/freeipa/ticket/544
Diffstat (limited to 'ipaserver/install/dsinstance.py')
-rw-r--r-- | ipaserver/install/dsinstance.py | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 6fdc479ca..36bc51530 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -469,7 +469,7 @@ class DsInstance(service.Service):
 def __enable_ssl(self):
 dirname = config_dirname(self.serverid)
- dsdb = certs.CertDB(dirname, self.realm_name, subject_base=self.subject_base)
+ dsdb = certs.CertDB(self.realm_name, nssdir=dirname, subject_base=self.subject_base)
 if self.pkcs12_info:
 dsdb.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1])
 server_certs = dsdb.find_server_certs()
@@ -481,9 +481,8 @@ class DsInstance(service.Service):
 self.dercert = dsdb.get_cert_from_db(nickname)
 else:
 nickname = "Server-Cert"
- cadb = certs.CertDB(httpinstance.NSS_DIR, self.realm_name, host_name=self.fqdn, subject_base=self.subject_base)
+ cadb = certs.CertDB(self.realm_name, host_name=self.fqdn, subject_base=self.subject_base)
 if self.self_signed_ca:
- cadb.create_self_signed()
 dsdb.create_from_cacert(cadb.cacert_fname, passwd=None)
 self.dercert = dsdb.create_server_cert("Server-Cert", self.fqdn, cadb)
 dsdb.track_server_cert("Server-Cert", self.principal, dsdb.passwd_fname)
@@ -601,7 +600,7 @@ class DsInstance(service.Service):
 # drop the trailing / off the config_dirname so the directory
 # will match what is in certmonger
 dirname = config_dirname(serverid)[:-1]
- dsdb = certs.CertDB(dirname, self.realm_name)
+ dsdb = certs.CertDB(self.realm_name, nssdir=dirname)
 dsdb.untrack_server_cert("Server-Cert")
 erase_ds_instance_data(serverid)
@@ -643,7 +642,7 @@ class DsInstance(service.Service):
 self.stop()
 dirname = config_dirname(realm_to_serverid(self.realm_name))
- certdb = certs.CertDB(dirname, self.realm_name, subject_base=self.subject_base)
+ certdb = certs.CertDB(self.realm_name, nssdir=dirname, subject_base=self.subject_base)
 if not cacert_name or len(cacert_name) == 0:
 cacert_name = "Imported CA"
 # we can't pass in the nickname, so we set the instance variable |
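Review bot: In the `if self.self_signed_ca:` branch of the second hunk, `dsdb.create_from_cacert(cadb.cacert_fname, passwd=None)` now depends on the self-signed CA having been created earlier in the install, because `cadb.create_self_signed()` is no longer called here, and nothing in the branch verifies that precondition. A guard before the import, such as `if not os.path.exists(cadb.cacert_fname): raise RuntimeError("self-signed CA certificate not found: %s" % cadb.cacert_fname)`, would turn an ordering mistake in the installer into an explicit failure; this assumes `os` is already imported in the module, which the hunk does not show. `cadb` also no longer names its NSS directory, so which database signs the DS server certificate is decided by a default in certs.py that is outside this diff; a comment like `# cadb uses CertDB's default nssdir; the CA must already exist there` would record that. `__enable_ssl` begins in the first hunk and its body continues past this one.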