From 8d164569d0e4ee79089ae224ac6f5a569c291cdb Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 10 Jul 2009 16:18:16 -0400
Subject: Allow replicas of an IPA server using an internal dogtag server as
 the CA

This involves creating a new CA instance on the replica and using pkisilent
to create a clone of the master CA.

Also generally fixes IPA to work with the latest dogtag SVN tip. A lot of
changes to ports and configuration have been done recently.
---
 ipaserver/install/httpinstance.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'ipaserver/install/httpinstance.py')

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 1bd9ffd5c..bf9267376 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -179,11 +179,11 @@ class HTTPInstance(service.Service):
         else:
             if self.self_signed_ca:
                 db.create_from_cacert(ca_db.cacert_fname)
-                db.create_server_cert("Server-Cert", "cn=%s,ou=Apache Web Server" % self.fqdn, ca_db)
-                db.create_signing_cert("Signing-Cert", "cn=%s,ou=Signing Certificate,o=Identity Policy Audit" % self.fqdn, ca_db)
+                db.create_server_cert("Server-Cert", self.fqdn, ca_db)
+                db.create_signing_cert("Signing-Cert", "Object Signing Cert", ca_db)
             else:
-                db.create_server_cert("Server-Cert", "CN=%s,OU=ipa-pki,O=IPA" % self.fqdn, ca_db)
-                db.create_signing_cert("Signing-Cert", "CN=Object Signing Cert,OU=ipa-pki,O=IPA", ca_db)
+                db.create_server_cert("Server-Cert", self.fqdn, ca_db)
+                db.create_signing_cert("Signing-Cert", "Object Signing Cert", ca_db)
                 db.create_password_conf()
 
         # Fix the database permissions
-- 
cgit