3 files changed, 12 insertions, 6 deletions

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 42225c28c..563a198ab 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -473,6 +473,9 @@ class CAInstance(DogtagInstance):
             self.step("configure Server-Cert certificate renewal", self.track_servercert)
             self.step("Configure HTTP to proxy connections",
                       self.http_proxy)
+            if not self.clone:
+                self.step("restarting certificate server", self.restart_instance)
+                self.step("Importing IPA certificate profiles", import_included_profiles)
 
         self.start_creation(runtime=210)
 
@@ -1694,6 +1697,7 @@ def import_included_profiles():
             )
             conn.add_entry(entry)
             api.Backend.ra_certprofile._read_password()
+            api.Backend.ra_certprofile.override_port = 8443
             with api.Backend.ra_certprofile as profile_api:
                 # import the profile
                 try:
@@ -1715,6 +1719,7 @@ def import_included_profiles():
                 except errors.RemoteRetrieveError:
                     pass
 
+            api.Backend.ra_certprofile.override_port = None
             root_logger.info("Imported profile '%s'", profile_id)
 
     conn.disconnect()
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 955e4cc11..999766d67 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -906,9 +906,6 @@ def install(options):
         service.print_msg("Restarting the certificate server")
         ca.restart(dogtag.configured_constants().PKI_INSTANCE_NAME)
 
-        service.print_msg("Importing certificate profiles")
-        cainstance.import_included_profiles()
-
     if options.setup_dns:
         api.Backend.ldap2.connect(autobind=True)
         dns.install(False, False, options)
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index e6668bb43..e60cced1a 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1973,6 +1973,7 @@ class RestClient(Backend):
         super(RestClient, self).__init__()
 
         # session cookie
+        self.override_port = None
         self.cookie = None
 
     def _read_password(self):
@@ -2007,7 +2008,8 @@ class RestClient(Backend):
         if self.cookie is not None:
             return
         status, status_text, resp_headers, resp_body = dogtag.https_request(
-            self.ca_host, self.env.ca_agent_port, '/ca/rest/account/login',
+            self.ca_host, self.override_port or self.env.ca_agent_port,
+            '/ca/rest/account/login',
             self.sec_dir, self.password, self.ipa_certificate_nickname,
             method='GET'
         )
@@ -2020,7 +2022,8 @@ class RestClient(Backend):
     def __exit__(self, exc_type, exc_value, traceback):
         """Log out of the REST API"""
         dogtag.https_request(
-            self.ca_host, self.env.ca_agent_port, '/ca/rest/account/logout',
+            self.ca_host, self.override_port or self.env.ca_agent_port,
+            '/ca/rest/account/logout',
             self.sec_dir, self.password, self.ipa_certificate_nickname,
             method='GET'
         )
@@ -2046,7 +2049,8 @@ class RestClient(Backend):
 
         # perform main request
         status, status_text, resp_headers, resp_body = dogtag.https_request(
-            self.ca_host, self.env.ca_agent_port, resource,
+            self.ca_host, self.override_port or self.env.ca_agent_port,
+            resource,
             self.sec_dir, self.password, self.ipa_certificate_nickname,
             method=method, headers=headers, body=body
         )