authorRob Crittenden <rcritten@redhat.com>2009-04-17 17:17:31 -0400
committerRob Crittenden <rcritten@redhat.com>2009-05-04 16:54:42 -0400
commitdfe9db55484339a8a9f2ce3bd057bd9702bb9579 (patch)
treefb99b81da54e189d6ea08c47348b4e044990ecbc /ipaserver/install/httpinstance.py
parent36c239cda44c3e816a3ffd95957f2d49f434f62b (diff)
Add signing profile to CA installation so we can sign the firefox jar file.
Use the requestId we get back from the CA when requesting the RA agent cert and use that to issue the certificate rather than hardcoding 7. This also adds some clean-up of file permissions and leaked fds.
Diffstat (limited to 'ipaserver/install/httpinstance.py')
-rw-r--r--ipaserver/install/httpinstance.py9
1 files changed, 1 insertions, 8 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 0637e3f..1bd9ffd 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -183,6 +183,7 @@ class HTTPInstance(service.Service):
db.create_signing_cert("Signing-Cert", "cn=%s,ou=Signing Certificate,o=Identity Policy Audit" % self.fqdn, ca_db)
else:
db.create_server_cert("Server-Cert", "CN=%s,OU=ipa-pki,O=IPA" % self.fqdn, ca_db)
+ db.create_signing_cert("Signing-Cert", "CN=Object Signing Cert,OU=ipa-pki,O=IPA", ca_db)
db.create_password_conf()
# Fix the database permissions
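Review bot: The object-signing certificate added in the else branch is requested with a fixed subject, `CN=Object Signing Cert,OU=ipa-pki,O=IPA`, whereas the self-signed branch just above puts `self.fqdn` into the subject. If several servers are installed against the same CA, each would apparently hold a signing certificate with an identical subject, so a signed jar or a CA record would not show which host's key produced it, and revoking one host's key would mean matching on serial number alone. If the signing profile permits it, consider carrying the host name in the subject, or add a comment explaining why a shared subject is intended. The key also appears to land in the same NSS database as `Server-Cert` (the second hunk opens `certs.CertDB(NSS_DIR)` for the signing step and hands `secmod.db` to `pent.pw_gid`), so whatever account can read the web server's database can presumably use the code-signing key as well. A comment such as `# NOTE: the object-signing key shares NSS_DIR with the TLS server key` would make that trade-off visible. The enclosing method starts and ends outside this hunk.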
@@ -196,20 +197,12 @@ class HTTPInstance(service.Service):
os.chown(NSS_DIR + "/secmod.db", 0, pent.pw_gid )
def __setup_autoconfig(self):
- # FIXME. Need to issue the self-signed cert from the CA as well.
- # A special profile is needed from the CS team to do this.
- if not self.self_signed_ca:
- return
prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "preferences.html.template", self.sub_dict)
prefs_fd = open("/usr/share/ipa/html/preferences.html", "w")
prefs_fd.write(prefs_txt)
prefs_fd.close()
# The signing cert is generated in __setup_ssl
- if self.self_signed_ca:
- ca_db = certs.CertDB(dsinstance.config_dirname(dsinstance.realm_to_serverid(self.realm)))
- else:
- ca_db = certs.CertDB(NSS_DIR)
db = certs.CertDB(NSS_DIR)
tmpdir = tempfile.mkdtemp(prefix = "tmp-")