From 4e3c1051d029363a099312eac48f337244a5610c Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Tue, 26 Mar 2013 18:06:50 +0100
Subject: Uninstall selfsign CA on upgrade

This will convert a master with a selfsign CA to a CA-less one in
ipa-upgradeconfig.
The relevant files are left in place and can be used to manage certs
manually.

Part of the work for: https://fedorahosted.org/freeipa/ticket/3494
---
 ipaserver/install/httpinstance.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'ipaserver/install/httpinstance.py')

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index c34073546..e134fbef3 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -376,8 +376,7 @@ class HTTPInstance(service.Service):
         if not running is None:
             self.stop()
 
-        db = certs.CertDB(api.env.realm)
-        db.untrack_server_cert(self.cert_nickname)
+        self.stop_tracking_certificates()
         if not enabled is None and not enabled:
             self.disable()
 
@@ -404,3 +403,7 @@ class HTTPInstance(service.Service):
 
         if not running is None and running:
             self.start()
+
+    def stop_tracking_certificates(self):
+        db = certs.CertDB(api.env.realm)
+        db.untrack_server_cert(self.cert_nickname)
-- 
cgit