From 8d164569d0e4ee79089ae224ac6f5a569c291cdb Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Fri, 10 Jul 2009 16:18:16 -0400
Subject: Allow replicas of an IPA server using an internal dogtag server as the CA This involves creating a new CA instance on the replica and using pkisilent to create a clone of the master CA. Also generally fixes IPA to work with the latest dogtag SVN tip. A lot of changes to ports and configuration have been done recently.
---
ipapython/dogtag.py | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'ipapython/dogtag.py')
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 684754f44..75ecbf6db 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -21,12 +21,14 @@ from ipalib import api, errors
 import httplib
 import xml.dom.minidom
-def get_ca_certchain():
+def get_ca_certchain(ca_host=None):
 """
 Retrieve the CA Certificate chain from the configured Dogtag server.
 """
+ if ca_host is None:
+ ca_host = api.env.ca_host
 chain = None
- conn = httplib.HTTPConnection(api.env.ca_host, 9180)
+ conn = httplib.HTTPConnection(ca_host, 9180)
 conn.request("GET", "/ca/ee/ca/getCertChain")
 res = conn.getresponse()
 if res.status == 200:
@@ -42,8 +44,8 @@ def get_ca_certchain():
 item_node = doc.getElementsByTagName("Error")
 reason = item_node[0].childNodes[0].data
 raise errors.RemoteRetrieveError(reason=reason)
- except:
- raise errors.RemoteRetrieveError(reason="Retrieving CA cert chain failed")
+ except Exception, e:
+ raise errors.RemoteRetrieveError(reason="Retrieving CA cert chain failed: %s" % str(e))
 finally:
 doc.unlink()
-- cgit
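Review bot: `httplib.HTTPConnection(ca_host, 9180)` fetches the CA certificate chain over unauthenticated plain HTTP, and with the new `ca_host` parameter that request can go to whatever host the caller names rather than only the locally configured CA. If the returned chain is installed as a trust anchor during replica setup (the callers are outside this hunk, so that is an assumption), anyone on the network path could substitute their own chain. The chain should be checked against a CA certificate obtained out of band, or fetched over a verified TLS connection, before it is trusted. The docstring should document the parameter and this limit, e.g. `ca_host: host to query, defaults to api.env.ca_host; the reply is not authenticated and must be verified by the caller`. The function body continues past the end of the hunk.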
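Review bot: The new `except Exception, e:` handler appears to guard the same `try` that contains `raise errors.RemoteRetrieveError(reason=reason)` just above it, so the server's own error would be caught and re-wrapped as "Retrieving CA cert chain failed: ..." instead of reaching the caller unchanged. Indentation is lost in this view and the `try` starts outside the hunk, so this needs confirming against the file. Putting `except errors.RemoteRetrieveError: raise` ahead of the fallback, and narrowing the fallback to `except (IndexError, AttributeError), e:`, would keep the original reason intact. Both `reason` and `str(e)` derive from a response fetched over plain HTTP, so the resulting message should be treated as untrusted text wherever it is logged or displayed.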