From 38ae093c7bc1f90c4fe5edf4540efba57e86d8a3 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Thu, 27 Aug 2009 16:48:02 -0400
Subject: Add the CA constraint to the self-signed CA we generate 514027
---
 ipaserver/install/certs.py | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)
(limited to 'ipaserver/install/certs.py')
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 9a3636e4d..df59acc3f 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -283,14 +283,25 @@ class CertDB(object):
 # Generate the encryption key
 self.run_certutil(["-G", "-z", self.noise_fname, "-f", self.passwd_fname])
 # Generate the self-signed cert
- self.run_certutil(["-S", "-n", self.cacert_name,
- "-s", "cn=IPA Test Certificate Authority",
- "-x",
- "-t", "CT,,C",
- "-m", self.next_serial(),
- "-v", self.valid_months,
- "-z", self.noise_fname,
- "-f", self.passwd_fname])
+ p = subprocess.Popen(["/usr/bin/certutil",
+ "-d", self.secdir,
+ "-S", "-n", self.cacert_name,
+ "-s", "cn=IPA Test Certificate Authority",
+ "-x",
+ "-t", "CT,,C",
+ "-2",
+ "-m", self.next_serial(),
+ "-v", self.valid_months,
+ "-z", self.noise_fname,
+ "-f", self.passwd_fname],
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ # Is this a CA certificate [y/N]? y
+ # Enter the path length constraint, enter to skip [<0 for unlimited pat
+ # Is this a critical extension [y/N]? y
+ p.stdin.write("y\n\n7\n")
+ p.wait()

 def export_ca_cert(self, nickname, create_pkcs12=False):
 """create_pkcs12 tells us whether we should create a PKCS#12 file
-- cgit
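Review bot: The answers piped to certutil in `p.stdin.write("y\n\n7\n")` do not match the prompts listed in the comments just above it: the third prompt, "Is this a critical extension [y/N]?", receives `7` instead of `y`. certutil presumably reads that as "no", so the basic-constraints extension would be written as non-critical, whereas RFC 5280 section 4.2.1.9 expects a CA certificate to mark it critical. The same call never closes stdin, never drains the stdout/stderr pipes and ignores the exit status, so certutil can block on a full pipe and a failed CA generation goes unnoticed. Replacing the write/wait pair with `stdout, stderr = p.communicate("y\n\ny\n")` followed by `if p.returncode != 0: raise RuntimeError("certutil -S failed: %s" % stderr)` would cover both. The enclosing method starts outside the hunk, so how its callers would handle that exception could not be checked here.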