-rwxr-xr-x | install/tools/ipa-server-install | 12 | ||||
-rw-r--r-- | ipaserver/install/dsinstance.py | 13 |
2 files changed, 7 insertions, 18 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 3069ba8d0..288022812 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -68,7 +68,7 @@ from ipapython import sysrestore from ipapython.ipautil import * from ipapython import ipautil from ipapython import dogtag -from ipalib import api, errors, util, x509 +from ipalib import api, errors, util from ipapython.config import IPAOptionParser from ipalib.x509 import load_certificate_from_file, load_certificate_chain_from_file from ipalib.util import validate_domain_name @@ -1120,14 +1120,8 @@ def main(): # This is done within stopped_service context, which restarts CA ca.enable_client_auth_to_db() - # Upload the CA cert to the directory - ds.upload_ca_cert() - else: - with open(options.root_ca_file) as f: - pem_cert = f.read() - - # Upload the CA cert to the directory - ds.upload_ca_dercert(base64.b64decode(x509.strip_header(pem_cert))) + # Upload the CA cert to the directory + ds.upload_ca_cert() krb = krbinstance.KrbInstance(fstore) if options.pkinit_pkcs12: diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index af7d6fae6..a7e5e0787 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py 
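Review bot: In `main()`, the CA-less path used to publish exactly the certificate read from `options.root_ca_file`, whereas the now-unconditional `ds.upload_ca_cert()` publishes whatever the DS NSS database holds under `certdb.cacert_name`, and nothing in this hunk checks that the two are the same certificate. If that nickname is absent or maps to a different certificate in a CA-less install, the directory would presumably carry no trust anchor or the wrong one. I would at least document the dependency at the call, e.g. `# CA-less: the root CA from options.root_ca_file must already be in the DS NSS DB under certdb.cacert_name`, and ideally compare the stored DER with the file before uploading. The import hunk above drops `x509` from `from ipalib import ...`; any remaining `x509.` references are outside the visible hunks, and `main()` itself continues beyond this one, so both need a check against the full file.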
@@ -672,22 +672,17 @@ class DsInstance(service.Service): dsdb = certs.NSSDatabase(nssdir=dirname) dsdb.export_pem_cert(nickname, location) - def upload_ca_cert(self, cacert_name=None): + def upload_ca_cert(self): """ Upload the CA certificate from the NSS database to the LDAP directory. """ dirname = config_dirname(self.serverid) - certdb = certs.CertDB(self.realm, nssdir=dirname, subject_base=self.subject_base) + certdb = certs.CertDB(self.realm, nssdir=dirname, + subject_base=self.subject_base) - if cacert_name is None: - cacert_name = certdb.cacert_name - dercert = certdb.get_cert_from_db(cacert_name, pem=False) - self.upload_ca_dercert(dercert) + dercert = certdb.get_cert_from_db(certdb.cacert_name, pem=False) - def upload_ca_dercert(self, dercert): - """Upload the CA DER certificate to the LDAP directory - """ conn = ipaldap.IPAdmin(self.fqdn) conn.do_simple_bind(DN(('cn', 'directory manager')), self.dm_password) |
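Review bot: In `upload_ca_cert()`, the value returned by `certdb.get_cert_from_db(certdb.cacert_name, pem=False)` goes straight on to the Directory Manager bind and the directory write without a check that a certificate was actually found. Whether `get_cert_from_db` raises or returns an empty value for a missing nickname is not visible here, so a guard such as `if not dercert: raise RuntimeError("CA certificate %s not found in %s" % (certdb.cacert_name, dirname))` before `conn = ipaldap.IPAdmin(self.fqdn)` would stop an empty value from being published as the CA certificate. The commit also removes the `cacert_name` parameter and the public `upload_ca_dercert()` method; only the `ipa-server-install` caller is updated in this diff, so any other caller would now fail with a `TypeError` or `AttributeError`. The rest of the method body lies outside the hunk, so whether the connection is unbound on error paths cannot be judged from here.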