From 4ca95a0cbfa5bb50d90cda496db6558ba3d5544e Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Fri, 11 Jun 2010 11:02:29 -0400
Subject: Retrieve the CA certificate before starting enrollment.

We need the CA certificate so we can use SSL when binding with a one-time password (bulk enrollment)
---
 ipa-client/ipa-install/ipa-client-install | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'ipa-client/ipa-install/ipa-client-install')
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index c1cc40a71..5952c941b 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -539,6 +539,15 @@ def main():
 if options.principal is None and options.password is None and options.prompt_password is False:
 options.principal = user_input("Principal", allow_empty=False)
+ # Get the CA certificate
+ try:
+ # Remove anything already there so that wget doesn't use its
+ # too-clever renaming feature
+ os.remove("/etc/ipa/ca.crt")
+ except:
+ pass
+ run(["/usr/bin/wget", "-O", "/etc/ipa/ca.crt", "http://%s/ipa/config/ca.crt" % cli_server])
+
 if not options.on_master:
 # First test out the kerberos configuration
 try:
@@ -621,8 +630,6 @@ def main():
 return 1
 print "Configured /etc/ldap.conf"
- # Get the CA certificate
- run(["/usr/bin/wget", "-O", "/etc/ipa/ca.crt", "http://%s/ipa/config/ca.crt" % cli_server])
 # Add the CA to the default NSS database and trust it
 run(["/usr/bin/certutil", "-A", "-d", "/etc/pki/nssdb", "-n", "IPA CA", "-t", "CT,C,C", "-a", "-i", "/etc/ipa/ca.crt"])
-- 
cgit
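Review bot: In the first hunk (`@@ -539,6 +539,15 @@`) the CA certificate is fetched over plain `http://` with nothing authenticating it, yet per the commit message it becomes the trust anchor for the SSL bind that carries the one-time password, and the second hunk's context shows the same file being added to `/etc/pki/nssdb` with `CT,C,C` trust. Anyone able to alter that HTTP response can substitute their own CA, after which the SSL session gives the password no protection. The file should be authenticated before it is used, for example by comparing its fingerprint with a value the administrator supplies out of band, or by accepting a pre-provisioned CA file instead of downloading one. Separately, the bare `except: pass` around `os.remove` hides permission and I/O errors along with the expected missing-file case; `except OSError, e:` followed by `if e.errno != errno.ENOENT: raise` keeps only the intended tolerance, assuming `errno` is imported in this file, which the hunk does not show. main() begins and continues outside the hunk.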