diff options
author | Simo Sorce <ssorce@redhat.com> | 2010-11-01 13:51:14 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2010-11-18 15:09:31 -0500 |
commit | 74ba0cc7c1bdb9c560324a68c16593755bcda5d8 (patch) | |
tree | 13165adebe5ee440606b76e735e49787fb94657a /ipaserver/install/httpinstance.py | |
parent | 775fc23738d8a882bdd9cff9064b50594901e518 (diff) | |
download | freeipa-74ba0cc7c1bdb9c560324a68c16593755bcda5d8.tar.gz freeipa-74ba0cc7c1bdb9c560324a68c16593755bcda5d8.tar.xz freeipa-74ba0cc7c1bdb9c560324a68c16593755bcda5d8.zip |
Use Realm as certs subject base name
Also use the realm name as nickname for the CA certificate
Diffstat (limited to 'ipaserver/install/httpinstance.py')
-rw-r--r-- | ipaserver/install/httpinstance.py | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 13d7a6601..f55995b19 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -30,7 +30,7 @@ import dsinstance import installutils from ipapython import sysrestore from ipapython import ipautil -from ipalib import util +from ipalib import util, api HTTPD_DIR = "/etc/httpd" SSL_CONF = HTTPD_DIR + "/conf.d/ssl.conf" @@ -164,10 +164,10 @@ class HTTPInstance(service.Service): def __setup_ssl(self): if self.self_signed_ca: - ca_db = certs.CertDB(NSS_DIR, subject_base=self.subject_base) + ca_db = certs.CertDB(NSS_DIR, self.realm, subject_base=self.subject_base) else: - ca_db = certs.CertDB(NSS_DIR, host_name=self.fqdn, subject_base=self.subject_base) - db = certs.CertDB(NSS_DIR, subject_base=self.subject_base) + ca_db = certs.CertDB(NSS_DIR, self.realm, host_name=self.fqdn, subject_base=self.subject_base) + db = certs.CertDB(NSS_DIR, self.realm, subject_base=self.subject_base) if self.pkcs12_info: db.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1], passwd="") server_certs = db.find_server_certs() @@ -223,7 +223,7 @@ class HTTPInstance(service.Service): prefs_fd.close() # The signing cert is generated in __setup_ssl - db = certs.CertDB(NSS_DIR, subject_base=self.subject_base) + db = certs.CertDB(NSS_DIR, self.realm, subject_base=self.subject_base) pwdfile = open(db.passwd_fname) pwd = pwdfile.read() @@ -238,7 +238,7 @@ class HTTPInstance(service.Service): shutil.rmtree(tmpdir) def __publish_ca_cert(self): - ca_db = certs.CertDB(NSS_DIR) + ca_db = certs.CertDB(NSS_DIR, self.realm) shutil.copy(ca_db.cacert_fname, "/usr/share/ipa/html/ca.crt") os.chmod("/usr/share/ipa/html/ca.crt", 0444) @@ -252,7 +252,7 @@ class HTTPInstance(service.Service): if not running is None: self.stop() - db = certs.CertDB(NSS_DIR) + db = certs.CertDB(NSS_DIR, api.env.realm) db.untrack_server_cert("Server-Cert") if not enabled is None and not enabled: self.chkconfig_off() |