From 9182c10b03a7841c9318ad64ae6c5deda77d93d1 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 13 Apr 2009 13:39:15 -0400
Subject: Issue DS and Apache server certs during CA installation.

Notes:
- will create a CA instance (pki-ca) if it doesn't exist
- maintains support for a self-signed CA
- A signing cert is still not created so Firefox autoconfig still won't work
---
 install/tools/ipa-server-install | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'install')

diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index cefdbf85e..da7fdc788 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -42,6 +42,7 @@ from ipaserver.install import krbinstance
 from ipaserver.install import bindinstance
 from ipaserver.install import httpinstance
 from ipaserver.install import ntpinstance
+from ipaserver.install import certs
 
 from ipaserver.install import service
 from ipapython import version
@@ -512,6 +513,12 @@ def main():
             print >> sys.stderr, "Import failed: %s" % sys.exc_value
             sys.exit(1)
 
+        # Clean up any previous self-signed CA that may exist
+        try:
+            os.remove(certs.CA_SERIALNO)
+        except:
+            pass
+
         cs = cainstance.CADSInstance()
         cs.create_instance("dirsrv", realm_name, host_name, domain_name, dm_password)
         ca = cainstance.CAInstance()
@@ -526,7 +533,7 @@ def main():
         finally:
             os.remove(pw_name)
     else:
-        ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password)
+        ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, self_signed_ca=not options.ca)
 
     # Create a kerberos instance
     krb = krbinstance.KrbInstance(fstore)
@@ -545,7 +552,7 @@ def main():
         http.create_instance(realm_name, host_name, domain_name, autoconfig=False, pkcs12_info=pkcs12_info)
         os.remove(pw_name)
     else:
-        http.create_instance(realm_name, host_name, domain_name, autoconfig=True)
+        http.create_instance(realm_name, host_name, domain_name, autoconfig=True, self_signed_ca=not options.ca)
 
     # Create the config file
     fstore.backup_file("/etc/ipa/ipa.conf")
-- 
cgit