author | Jan Cholasta <jcholast@redhat.com> | 2014-03-12 11:33:18 +0100 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-07-30 16:04:21 +0200 |
commit | 2f6990c256bc04389a9653094bc15bb94832bffa (patch) | |
tree | ae85b49307f2c6b4d5ece5bcaabc72662f99970b /ipaserver | |
parent | 9393c3978e1dc2beaa88331db1f30021c44f526b (diff) | |
Track CA certificate using dogtag-ipa-ca-renew-agent.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/cainstance.py | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 03aec9571..f0aef7558 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -312,9 +312,10 @@ def stop_tracking_certificates(dogtag_constants):
 cmonger.start()
 for nickname in ['Server-Cert cert-pki-ca',
- 'auditSigningCert cert-pki-ca',
- 'ocspSigningCert cert-pki-ca',
- 'subsystemCert cert-pki-ca']:
+ 'auditSigningCert cert-pki-ca',
+ 'ocspSigningCert cert-pki-ca',
+ 'subsystemCert cert-pki-ca',
+ 'caSigningCert cert-pki-ca']:
 try:
 certmonger.stop_tracking(
 dogtag_constants.ALIAS_DIR, nickname=nickname)
@@ -1437,12 +1438,16 @@ class CAInstance(service.Service):
 'Unable to determine PIN for CA instance: %s' % e)
 def configure_renewal(self):
+ reqs = (
+ ('auditSigningCert cert-pki-ca', None),
+ ('ocspSigningCert cert-pki-ca', None),
+ ('subsystemCert cert-pki-ca', None),
+ ('caSigningCert cert-pki-ca', 'ipaCACertRenewal'),
+ )
 pin = self.__get_ca_pin()
 # Server-Cert cert-pki-ca is renewed per-server
- for nickname in ['auditSigningCert cert-pki-ca',
- 'ocspSigningCert cert-pki-ca',
- 'subsystemCert cert-pki-ca']:
+ for nickname, profile in reqs:
 try:
 certmonger.dogtag_start_tracking(
 ca='dogtag-ipa-ca-renew-agent',
@@ -1451,7 +1456,8 @@ class CAInstance(service.Service):
 pinfile=None,
 secdir=self.dogtag_constants.ALIAS_DIR,
 pre_command='stop_pkicad',
- post_command='renew_ca_cert "%s"' % nickname)
+ post_command='renew_ca_cert "%s"' % nickname,
+ profile=profile)
 except (ipautil.CalledProcessError, RuntimeError), e:
 root_logger.error(
 "certmonger failed to start tracking certificate: %s" % e) |
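Review bot: The nickname list in `stop_tracking_certificates` is maintained by hand, separately from the `reqs` tuple in `CAInstance.configure_renewal`, and this commit had to add `'caSigningCert cert-pki-ca'` to both. If the two drift, a tracking request started at install time would presumably be left in certmonger after uninstall. A module-level tuple of the CA nicknames shared by both loops (with `'Server-Cert cert-pki-ca'` added only here) would keep them in step. The function starts and ends outside this hunk.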
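Review bot: The comment `# Server-Cert cert-pki-ca is renewed per-server` in `configure_renewal` now sits between `pin = self.__get_ca_pin()` and the loop, away from the `reqs` tuple whose contents it explains; it belongs directly above `reqs = (`. The tuple also needs a line saying what the second element is, for example `# (nickname, renewal profile passed to certmonger; None is passed through as-is)`, since only the CA signing certificate carries `'ipaCACertRenewal'` and the hunk does not say why. The method body continues outside this hunk.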
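Review bot: A failure to start tracking is only logged by the `except (ipautil.CalledProcessError, RuntimeError), e:` branch in the last hunk and the loop moves on, so with `'caSigningCert cert-pki-ca'` now in `reqs` an install can apparently finish with the CA signing certificate untracked and nothing renewing it before it expires. The message also does not say which certificate failed; `"certmonger failed to start tracking certificate %s: %s" % (nickname, e)` would make that visible in the log. Whether a failure for the CA signing certificate should abort `configure_renewal` rather than continue is worth deciding explicitly. The `try` block starts in the previous hunk.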