From 270292f70b884cfedc712ad4c4ebdc542cd233a5 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 17 Mar 2010 14:33:06 -0400 Subject: Configure the CRL URI in dogtag. Also print out a restart message after applying the custom subject. It takes a while to restart dogtag and this lets the user know things are moving forward. --- ipaserver/install/cainstance.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index aedee8cfb..f31bdc6d2 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -976,7 +976,6 @@ class CAInstance(service.Service): pent = pwd.getpwnam(self.pki_user) os.chown(publishdir, pent.pw_uid, pent.pw_gid ) - # Enable file publishing, disable LDAP installutils.set_directive(caconfig, 'ca.publish.enable', 'true', quotes=False, separator='=') installutils.set_directive(caconfig, 'ca.publish.ldappublish.enable', 'false', quotes=False, separator='=') @@ -1007,6 +1006,9 @@ class CAInstance(service.Service): installutils.set_directive(caconfig, 'ca.publish.rule.instance.LdapUserCertRule.enable', 'false', quotes=False, separator='=') installutils.set_directive(caconfig, 'ca.publish.rule.instance.LdapXCertRule.enable', 'false', quotes=False, separator='=') + # Fix the CRL URI in the profile + installutils.set_directive('/var/lib/%s/profiles/ca/caIPAserviceCert.cfg' % PKI_INSTANCE_NAME, 'policyset.serverCertSet.9.default.params.crlDistPointsPointName_0', 'https://%s/ipa/crl/MasterCRL.bin' % self.host_name, quotes=False, separator='=') + ipautil.run(["/sbin/restorecon", publishdir]) def __setup_selinux(self): @@ -1032,6 +1034,7 @@ class CAInstance(service.Service): # format. We need to update that template with our base subject if installutils.update_file("/var/lib/%s/profiles/ca/caIPAserviceCert.cfg" % PKI_INSTANCE_NAME, 'OU=pki-ipa, O=IPA', self.subject_base): print "Updating subject_base in CA template failed" + self.print_msg("restarting certificate server") self.__restart_instance() def uninstall(self): -- cgit