authorJan Cholasta <jcholast@redhat.com>2014-06-09 16:04:09 +0200
committerPetr Viktorin <pviktori@redhat.com>2014-07-30 16:04:21 +0200
commitd2bf0b8b540e4efdb5ef06a449310f9a04a2eb17 (patch)
treed9d95c32799bc4141f2d8bcda301624be413b51d /ipaserver/install/dsinstance.py
parent9d4eeeda55b397237af17392f3acb9542e126145 (diff)
Fix trust flags in HTTP and DS NSS databases.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipaserver/install/dsinstance.py')
-rw-r--r--ipaserver/install/dsinstance.py7
1 files changed, 6 insertions, 1 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 2a9f3b618..e503cb220 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -625,8 +625,13 @@ class DsInstance(service.Service):
dirname = config_dirname(self.serverid)
dsdb = certs.CertDB(self.realm, nssdir=dirname, subject_base=self.subject_base)
if self.pkcs12_info:
+ if self.ca_is_configured:
+ trust_flags = 'CT,C,C'
+ else:
+ trust_flags = None
dsdb.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1],
- ca_file=self.ca_file)
+ ca_file=self.ca_file,
+ trust_flags=trust_flags)
server_certs = dsdb.find_server_certs()
if len(server_certs) == 0:
raise RuntimeError("Could not find a suitable server cert in import in %s" % self.pkcs12_info[0])
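Review bot: The literal `'CT,C,C'` assigned in the `if self.ca_is_configured:` branch is an unexplained NSS trust string, and it grants more than TLS trust: the first field (`CT`) trusts the CA for server and client certificates, while the second and third `C` fields also trust it for S/MIME and object signing. If nothing in the directory server relies on those last two, the narrower `'CT,,'` would follow least privilege. Either way, a comment such as `# NSS trust (SSL,S/MIME,object signing): CA trusted for server+client certs` or a shared named constant would make the intent auditable. The commit title suggests the HTTP database gets the same value, so a shared constant would also keep the two in sync. In the `else` branch `trust_flags = None` leaves the resulting trust to the default inside `create_from_pkcs12`, which is not visible in this hunk, so a one-line comment stating what trust the CA-less case ends up with would help. The enclosing method starts and ends outside the hunk.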