diff options
| -rw-r--r-- | ipaserver/install/cainstance.py | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index e8bb7d701..36a1db060 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -534,6 +534,11 @@ class CAInstance(DogtagInstance): config.set("CA", "pki_external_csr_path", self.csr_file) elif self.external == 2: + cert = x509.load_certificate_from_file(self.cert_file) + cert_file = tempfile.NamedTemporaryFile() + x509.write_certificate(cert.der_data, cert_file.name) + cert_file.flush() + cert_chain, stderr, rc = ipautil.run( [paths.OPENSSL, 'crl2pkcs7', '-certfile', self.cert_chain_file, @@ -546,7 +551,7 @@ class CAInstance(DogtagInstance): cert_chain_file = ipautil.write_tmp_file(cert_chain) config.set("CA", "pki_external", "True") - config.set("CA", "pki_external_ca_cert_path", self.cert_file) + config.set("CA", "pki_external_ca_cert_path", cert_file.name) config.set("CA", "pki_external_ca_cert_chain_path", cert_chain_file.name) config.set("CA", "pki_external_step_two", "True") @@ -660,10 +665,15 @@ class CAInstance(DogtagInstance): args.append("-ext_csr_file") args.append(self.csr_file) elif self.external == 2: + cert = x509.load_certificate_from_file(self.cert_file) + cert_file = tempfile.NamedTemporaryFile() + x509.write_certificate(cert.der_data, cert_file.name) + cert_file.flush() + args.append("-external") args.append("true") args.append("-ext_ca_cert_file") - args.append(self.cert_file) + args.append(cert_file.name) args.append("-ext_ca_cert_chain_file") args.append(self.cert_chain_file) else: |