From 9e223e6fd4f16213355c64cd2524500c689210ff Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Thu, 12 Jun 2014 11:29:57 +0200
Subject: Upload renewed CA cert to certificate store on renewal.

Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
 install/restart_scripts/renew_ca_cert | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert
index b66cfa292..69d79338d 100644
--- a/install/restart_scripts/renew_ca_cert
+++ b/install/restart_scripts/renew_ca_cert
@@ -29,7 +29,7 @@ import traceback
 
 from ipapython import dogtag, certmonger, ipautil
 from ipapython.dn import DN
-from ipalib import api, errors, x509, util
+from ipalib import api, errors, x509, certstore
 from ipaserver.install import certs, cainstance, installutils
 from ipaserver.plugins.ldap2 import ldap2
 from ipaplatform import services
@@ -103,13 +103,8 @@ def main():
                 conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri)
                 conn.connect(ccache=ccache)
 
-                dn = DN(('cn', 'CAcert'), ('cn', 'ipa'), ('cn', 'etc'),
-                        api.env.basedn)
                 try:
-                    entry = conn.get_entry(
-                        dn, attrs_list=['cACertificate;binary'])
-                    entry['cACertificate;binary'] = [cert]
-                    conn.update_entry(entry)
+                    certstore.update_ca_cert(conn, api.env.basedn, cert)
                 except errors.EmptyModlist:
                     pass
 
-- 
cgit