From 1bc892c02daf5e6295ac2e59f17499f6f168b899 Mon Sep 17 00:00:00 2001
From: Petr Viktorin
Date: Tue, 26 Mar 2013 15:31:07 +0100
Subject: Load the CA cert into server NSS databases
The CA cert was not loaded, so if it was missing from the PKCS#12 file, installation would fail. Pass the cert filename to the server installers and include it in the NSS DB.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3363
---
 install/tools/ipa-replica-install | 7 +++++--
 install/tools/ipa-server-install | 5 +++--
 2 files changed, 8 insertions(+), 4 deletions(-)
(limited to 'install/tools')
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index a0f20e44b..af80c1e3e 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -164,7 +164,7 @@ def install_replica_ds(config):
 ds.create_replica(config.realm_name, config.master_host_name, config.host_name, config.domain_name, config.dirman_password,
- pkcs12_info)
+ pkcs12_info, ca_file = config.dir + "/ca.crt")
 return ds
@@ -209,7 +209,10 @@ def install_http(config, auto_redirect):
 memcache.create_instance('MEMCACHE', config.host_name, config.dirman_password, ipautil.realm_to_suffix(config.realm_name))
 http = httpinstance.HTTPInstance()
- http.create_instance(config.realm_name, config.host_name, config.domain_name, config.dirman_password, False, pkcs12_info, self_signed_ca=True, auto_redirect=auto_redirect)
+ http.create_instance(
+ config.realm_name, config.host_name, config.domain_name,
+ config.dirman_password, False, pkcs12_info,
+ auto_redirect=auto_redirect, ca_file = config.dir + "/ca.crt")
 # Now copy the autoconfiguration files
 if ipautil.file_exists(config.dir + "/preferences.html"):
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 5aa5cd73f..da3caa08d 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
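Review bot: The path `config.dir + "/ca.crt"` is passed to `create_replica` without any check in this hunk that the file exists or that it is the CA which issued the certificate in `pkcs12_info`. Per the commit message the file ends up in the server NSS database, so whatever sits at that path presumably becomes trusted. The same expression is repeated in the `install_http` hunk below; binding it once, e.g. `ca_file = os.path.join(config.dir, "ca.crt")` (assuming `os` is imported in this script), and aborting with a clear error when `ipautil.file_exists(ca_file)` is false would fail early instead of deep inside the instance setup. The keyword would also read better as `ca_file=ca_file`, without spaces around `=`, matching ipa-server-install. The body of `install_replica_ds` starts outside the hunk, so an existing check further up cannot be ruled out.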
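Review bot: Dropping `self_signed_ca=True` from the `http.create_instance` call in `install_http` is a behaviour change that the commit message does not mention. The library side of `create_instance` is not part of this view (it is limited to install/tools), so it should be confirmed that the HTTP installer no longer relies on that flag when deciding how the CA certificate is trusted. The fifth argument is still the positional `False`, presumably `autoconfig`; ipa-server-install spells it `autoconfig=False`, and using the keyword here would make the call harder to misread now that it spans several lines.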
@@ -991,7 +991,8 @@ def main():
 dm_password, dirsrv_pkcs12_info, idstart=options.idstart, idmax=options.idmax, subject_base=options.subject,
- hbac_allow=not options.hbac_allow)
+ hbac_allow=not options.hbac_allow,
+ ca_file=ca_file)
 else:
 ds = dsinstance.DsInstance(fstore=fstore)
 ds.create_instance(realm_name, host_name, domain_name,
@@ -1122,7 +1123,7 @@ def main():
 http.create_instance( realm_name, host_name, domain_name, dm_password, autoconfig=False, pkcs12_info=http_pkcs12_info, subject_base=options.subject,
- auto_redirect=options.ui_redirect)
+ auto_redirect=options.ui_redirect, ca_file=ca_file)
 else:
 http.create_instance( realm_name, host_name, domain_name, dm_password, autoconfig=True,
-- cgit
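Review bot: `ca_file` is passed to the call ending in `hbac_allow=not options.hbac_allow` and again to `http.create_instance` in the second hunk, but it is assigned elsewhere in `main()`, outside both hunks. It is therefore not visible whether it is always bound on the PKCS#12 path, or whether the file is checked before it is loaded into the NSS databases. Since the loaded certificate presumably becomes a trust anchor for the directory and HTTP servers, it is worth validating earlier in `main()` that the file is readable and is a CA certificate that issued the certificates in `dirsrv_pkcs12_info` and `http_pkcs12_info`, failing with a clear message otherwise. A short comment at each call, e.g. `# ca_file: CA certificate for the PKCS#12 chain; loaded into the NSS DB`, would document why it is passed only in the PKCS#12 branch and not in the `else` branch.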