From f1e186d7d879098b37ba6c3f6ea257942381d4c1 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Thu, 3 Jul 2014 11:59:00 +0200
Subject: Export full CA chain to /etc/ipa/ca.crt in ipa-server-install.

Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
 install/tools/ipa-server-install | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'install/tools')

diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 9b76e9510..dc3655b8e 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -1162,6 +1162,11 @@ def main():
             subject_base=options.subject, auto_redirect=options.ui_redirect)
     tasks.restore_context(paths.CACHE_IPA_SESSIONS)
 
+    # Export full CA chain
+    ca_db = certs.CertDB(realm_name)
+    os.chmod(CACERT, 0644)
+    ca_db.publish_ca_cert(CACERT)
+
     set_subject_in_config(realm_name, dm_password, ipautil.realm_to_suffix(realm_name), options.subject)
 
     # Apply any LDAP updates. Needs to be done after the configuration file
-- 
cgit