1 files changed, 20 insertions, 11 deletions

diff --git a/ipalib/x509.py b/ipalib/x509.py
index 88ea415bf..a87dbf413 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -89,19 +89,12 @@ def strip_header(pem):
 
     return pem
 
-def load_certificate(data, datatype=PEM, dbdir=None):
+def initialize_nss_database(dbdir=None):
     """
-    Given a base64-encoded certificate, with or without the
-    header/footer, return a request object.
-
-    Returns a nss.Certificate type
+    Initializes NSS database, if not initialized yet. Uses a proper database
+    directory (.ipa/alias or HTTPD_ALIAS_DIR), depending on the value of
+    api.env.in_tree.
     """
-    if type(data) in (tuple, list):
-        data = data[0]
-
-    if (datatype == PEM):
-        data = strip_header(data)
-        data = base64.b64decode(data)
 
     if not nss.nss_is_initialized():
         if dbdir is None:
@@ -116,6 +109,22 @@ def load_certificate(data, datatype=PEM, dbdir=None):
         else:
             nss.nss_init(dbdir)
 
+def load_certificate(data, datatype=PEM, dbdir=None):
+    """
+    Given a base64-encoded certificate, with or without the
+    header/footer, return a request object.
+
+    Returns a nss.Certificate type
+    """
+    if type(data) in (tuple, list):
+        data = data[0]
+
+    if (datatype == PEM):
+        data = strip_header(data)
+        data = base64.b64decode(data)
+
+    initialize_nss_database(dbdir=dbdir)
+
     return nss.Certificate(buffer(data))
 
 def load_certificate_from_file(filename, dbdir=None):