From 8d164569d0e4ee79089ae224ac6f5a569c291cdb Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 10 Jul 2009 16:18:16 -0400
Subject: Allow replicas of an IPA server using an internal dogtag server as
 the CA

This involves creating a new CA instance on the replica and using pkisilent
to create a clone of the master CA.

Also generally fixes IPA to work with the latest dogtag SVN tip. A lot of
changes to ports and configuration have been done recently.
---
 ipaserver/install/dsinstance.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'ipaserver/install/dsinstance.py')

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index e31cd081f..76eb8dd95 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -327,12 +327,12 @@ class DsInstance(service.Service):
             nickname = "Server-Cert"
             if self.self_signed_ca:
                 dsdb.create_self_signed()
-                dsdb.create_server_cert("Server-Cert", "cn=%s,ou=Fedora Directory Server" % self.host_name)
+                dsdb.create_server_cert("Server-Cert", self.host_name)
             else:
                 cadb = certs.CertDB("/etc/httpd/alias", host_name=self.host_name)
                 cadb.export_ca_cert(cadb.cacert_name, False)
                 dsdb.create_from_cacert(cadb.cacert_fname, passwd=None)
-                dsdb.create_server_cert("Server-Cert", "CN=%s,OU=pki-ipa,O=IPA" % self.host_name, cadb)
+                dsdb.create_server_cert("Server-Cert", self.host_name, cadb)
                 dsdb.create_pin_file()
 
         conn = ipaldap.IPAdmin("127.0.0.1")
-- 
cgit