From 861d1bbdca4793fb45fb233d236d3793cc23da36 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 14 Mar 2011 16:27:19 -0400
Subject: Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance.

This fixes 2 AVCS:

* One because we are enabling port 7390 because an SSL port must be
  defined to use TLS On 7389.
* We were symlinking to the main IPA 389-ds NSS certificate databsae.
  Instead generate a separate NSS database and certificate and have
  certmonger track it separately

I also noticed some variable inconsistency in cainstance.py. Everywhere
else we use self.fqdn and that was using self.host_name. I found it
confusing so I fixed it.

ticket 1085
---
 ipaserver/install/httpinstance.py | 1 +
 1 file changed, 1 insertion(+)

(limited to 'ipaserver/install/httpinstance.py')

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 4f876c9b8..e53c01e1c 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -186,6 +186,7 @@ class HTTPInstance(service.Service):
             # We only handle one server cert
             nickname = server_certs[0][0]
             self.dercert = db.get_cert_from_db(nickname)
+            db.track_server_cert(nickname, self.principal, db.passwd_fname)
 
             self.__set_mod_nss_nickname(nickname)
         else:
-- 
cgit