path: root/ipaserver/install/
diff options
authorRob Crittenden <>2011-06-08 10:54:41 -0400
committerRob Crittenden <>2011-06-21 19:09:50 -0400
commitdd69c7dbe68e8f8674994a54ea913f2dd2e52c32 (patch)
tree5fdc303354eb26a1d2cd206c81babdc73e8d51b9 /ipaserver/install/
parent3a36eced53e540fe8f2b23eadf7dffda080324de (diff)
Make data type of certificates more obvious/predictable internally.
For the most part certificates will be treated as being in DER format. When we load a certificate we will generally accept it in any format but will convert it to DER before proceeding in normalize_certificate(). This also re-arranges a bit of code to pull some certificate-specific functions out of ipalib/plugins/ into ipalib/ This also tries to use variable names to indicate what format the certificate is in at any given point: dercert: DER cert: PEM nsscert: a python-nss Certificate object rawcert: unknown format ticket 32
Diffstat (limited to 'ipaserver/install/')
1 files changed, 2 insertions, 2 deletions
diff --git a/ipaserver/install/ b/ipaserver/install/
index 845e1e2..574a5af 100644
--- a/ipaserver/install/
+++ b/ipaserver/install/
@@ -379,7 +379,7 @@ class DsInstance(service.Service):
logging.debug("completed creating ds instance")
except ipautil.CalledProcessError, e:
logging.critical("failed to restart ds instance %s" % e)
# check for open port 389 from now on
@@ -517,7 +517,7 @@ class DsInstance(service.Service):
# We only handle one server cert
nickname = server_certs[0][0]
- self.dercert = dsdb.get_cert_from_db(nickname)
+ self.dercert = dsdb.get_cert_from_db(nickname, pem=False)
dsdb.track_server_cert(nickname, self.principal, dsdb.passwd_fname)
nickname = "Server-Cert"