authorJan Cholasta <jcholast@redhat.com>2013-07-15 08:12:50 +0000
committerPetr Viktorin <pviktori@redhat.com>2013-08-20 16:18:59 +0200
commit1669253238f87f508b0b599029d16d4f0d594b30 (patch)
tree027538eb5a9d42565c8006672fb4e38c0e35fc72 /ipaserver
parentf2c3ae36f939199e4d5bb3ea2c27c984708aae13 (diff)
Untrack old and track new cert with certmonger in ipa-server-certinstall.
https://fedorahosted.org/freeipa/ticket/3641
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/ipa_server_certinstall.py15
1 files changed, 12 insertions, 3 deletions
diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py
index e4676098d..4960fda61 100644
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -112,7 +112,8 @@ class ServerCertInstall(admintool.AdminTool):
old_cert = entry.single_value('nssslpersonalityssl')
server_cert = self.import_cert(dirname, self.options.dirsrv_pin,
- old_cert)
+ old_cert, 'ldap/%s' % api.env.host,
+ 'restart_dirsrv %s' % serverid)
entry['nssslpersonalityssl'] = [server_cert]
try:
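Review bot: The second new argument, `'restart_dirsrv %s' % serverid`, builds a command string by interpolation, and `serverid` is assigned outside this hunk, so its origin and character set cannot be checked here. The string is handed on to `cdb.track_server_cert(...)` and is presumably run by certmonger after a renewal, so whitespace or an unexpected character in `serverid` would change the command that gets executed. A comment at the call would settle this for the next reader, for example `# serverid is derived from the realm, not from user input; it becomes part of the command certmonger runs after renewal`, once that has been confirmed against the code above the hunk. The HTTP call in the next hunk passes the constant `'restart_httpd'` and is not affected.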
@@ -129,7 +130,8 @@ class ServerCertInstall(admintool.AdminTool):
'NSSNickname')
server_cert = self.import_cert(dirname, self.options.http_pin,
- old_cert)
+ old_cert, 'HTTP/%s' % api.env.host,
+ 'restart_httpd')
installutils.set_directive(httpinstance.NSS_CONF,
'NSSNickname', server_cert)
@@ -144,7 +146,7 @@ class ServerCertInstall(admintool.AdminTool):
os.chown(os.path.join(dirname, 'key3.db'), 0, pent.pw_gid)
os.chown(os.path.join(dirname, 'secmod.db'), 0, pent.pw_gid)
- def import_cert(self, dirname, pkcs12_passwd, old_cert):
+ def import_cert(self, dirname, pkcs12_passwd, old_cert, principal, command):
pw = write_tmp_file(pkcs12_passwd)
server_cert = installutils.check_pkcs12(
pkcs12_info=(self.pkcs12_fname, pw.name),
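Review bot: `import_cert` now takes five positional parameters and has no docstring, so the signature gives no hint of what `principal` and `command` mean or that they are only used when `api.env.enable_ra` is set. A short docstring under the new `def` line would cover it: `"""Replace old_cert in the NSS database under dirname with the certificate from the PKCS#12 file; when api.env.enable_ra is set, track the new certificate with certmonger using principal and command."""`. Both new parameters are required, so any caller not updated in this commit would fail with a TypeError; the two calls visible in this diff are updated. The method body continues past the end of this hunk.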
@@ -153,8 +155,15 @@ class ServerCertInstall(admintool.AdminTool):
cdb = certs.CertDB(api.env.realm, nssdir=dirname)
try:
+ if api.env.enable_ra:
+ cdb.untrack_server_cert(old_cert)
+
cdb.delete_cert(old_cert)
cdb.import_pkcs12(self.pkcs12_fname, pw.name)
+
+ if api.env.enable_ra:
+ cdb.track_server_cert(server_cert, principal, cdb.passwd_fname,
+ command)
except RuntimeError, e:
raise admintool.ScriptError(str(e))
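Review bot: A failure anywhere between `cdb.untrack_server_cert(old_cert)` and `cdb.track_server_cert(...)` leaves the service certificate without certmonger tracking, and the only handler, `except RuntimeError, e`, re-raises the bare message of whichever step failed. An untracked server certificate is not renewed and expires without warning, so the error should state the resulting condition, for example `raise admintool.ScriptError("certificate replacement failed, certmonger tracking may be incomplete: %s" % e)`. It is also not visible here whether the two certmonger helpers raise `RuntimeError` at all; if they log and return, or raise another type, a tracking failure would either pass silently or escape this handler, which is worth confirming against `certs.CertDB`.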