Diffstat (limited to 'install/tools/ipa-server-install')
-rwxr-xr-xinstall/tools/ipa-server-install14
1 files changed, 5 insertions, 9 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 9c0947c83..f3a01e892 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -754,7 +754,7 @@ def main():
if options.external_cert_file is None:
cs = cainstance.CADSInstance()
- cs.create_instance(realm_name, host_name, domain_name, dm_password)
+ cs.create_instance(realm_name, host_name, domain_name, dm_password, subject_base=options.subject)
ca = cainstance.CAInstance(realm_name, certs.NSS_DIR)
if external == 0:
ca.configure_instance(host_name, dm_password, dm_password,
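Review bot: `options.subject` is forwarded to `create_instance` as `subject_base` with no check visible in this hunk that the option was set or holds a well-formed DN suffix. If the option can be omitted, `create_instance` has to accept `subject_base=None`. The same value should presumably also reach the `ca.configure_instance(...)` call just below, whose arguments are cut off here, so that the directory server certificate and the CA-issued certificates share one subject base. A comment such as `# subject_base must match the value passed to the CA below` would record that constraint. main() starts and ends outside the hunk.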
@@ -817,17 +817,13 @@ def main():
ca.ldap_enable('CA', host_name, dm_password,
util.realm_to_suffix(realm_name))
- # Symlink the IPA LDAP server NSS database to this one.
- caconfigdir = dsinstance.config_dirname(dsinstance.realm_to_serverid('PKI-IPA'))
- for filename in ['cert8.db', 'key3.db', 'secmod.db']:
- os.unlink('%s%s' % (caconfigdir, filename))
- dsconfigdir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name))
- for filename in ['cert8.db', 'key3.db', 'secmod.db', 'pin.txt']:
- os.symlink('%s%s' % (dsconfigdir, filename), '%s%s' % (caconfigdir, filename))
-
# Turn on SSL in the dogtag LDAP instance. This will get restarted
# later, we don't need SSL now.
+ cs.create_certdb()
cs.enable_ssl()
+ # Add the IPA service for storing the PKI-IPA server certificate.
+ cs.add_simple_service('dogtagldap/%s@%s' % (host_name, realm_name))
+ cs.add_cert_to_service()
# Create a kerberos instance
if options.pkinit_pin:
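Review bot: The comment `# Turn on SSL in the dogtag LDAP instance. ...` now sits directly above `cs.create_certdb()`, so nothing explains that the PKI-IPA instance gets its own certificate database in place of the removed symlinks to the realm directory server's `key3.db` and `pin.txt`. I would add a comment on that line, e.g. `# Give PKI-IPA its own NSS database instead of sharing the IPA DS key and pin.`, and move the SSL comment down to `cs.enable_ssl()`. What `create_certdb()` writes is not visible here, so it is worth confirming that the new database and any pin file are created with owner-only permissions. None of the four `cs.` calls has its failure handled within the hunk, and main() continues outside it.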