From dfe9db55484339a8a9f2ce3bd057bd9702bb9579 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Fri, 17 Apr 2009 17:17:31 -0400
Subject: Add signing profile to CA installation so we can sign the firefox jar file.

Use the requestId we get back from the CA when requesting the RA agent cert and use that to issue the certificate rather than hardcoding 7.

This also adds some clean-up of file permissions and leaking fds
---
 ipaserver/install/httpinstance.py | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
(limited to 'ipaserver/install/httpinstance.py')
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 0637e3f45..1bd9ffd5c 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -183,6 +183,7 @@ class HTTPInstance(service.Service):
 db.create_signing_cert("Signing-Cert", "cn=%s,ou=Signing Certificate,o=Identity Policy Audit" % self.fqdn, ca_db)
 else:
 db.create_server_cert("Server-Cert", "CN=%s,OU=ipa-pki,O=IPA" % self.fqdn, ca_db)
+ db.create_signing_cert("Signing-Cert", "CN=Object Signing Cert,OU=ipa-pki,O=IPA", ca_db)
 db.create_password_conf()

 # Fix the database permissions
@@ -196,20 +197,12 @@ class HTTPInstance(service.Service):
 os.chown(NSS_DIR + "/secmod.db", 0, pent.pw_gid )

 def __setup_autoconfig(self):
- # FIXME. Need to issue the self-signed cert from the CA as well.
- # A special profile is needed from the CS team to do this.
- if not self.self_signed_ca:
- return
 prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "preferences.html.template", self.sub_dict)
 prefs_fd = open("/usr/share/ipa/html/preferences.html", "w")
 prefs_fd.write(prefs_txt)
 prefs_fd.close()

 # The signing cert is generated in __setup_ssl
- if self.self_signed_ca:
- ca_db = certs.CertDB(dsinstance.config_dirname(dsinstance.realm_to_serverid(self.realm)))
- else:
- ca_db = certs.CertDB(NSS_DIR)
 db = certs.CertDB(NSS_DIR)
 tmpdir = tempfile.mkdtemp(prefix = "tmp-")

-- cgit
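Review bot: The object-signing certificate added in the `else` branch is created through the same `db` object as `Server-Cert`, so its private key presumably ends up in the web server's NSS database, which the following lines hand to the service account's group (`os.chown(NSS_DIR + "/secmod.db", 0, pent.pw_gid )`). If that reading is right, a compromise of the web server process also exposes a key that browsers will trust for code signing. It deserves at least a comment above the new call such as `# NOTE: the object-signing key shares the httpd NSS db; it is only needed while signing the autoconfig jar`, and ideally a separate database or removal of the key after signing. The new subject `CN=Object Signing Cert,OU=ipa-pki,O=IPA` is also a fixed string, whereas the self-signed branch embeds `self.fqdn`, so certificates issued to different servers may be indistinguishable by subject when auditing or revoking. The enclosing method starts and ends outside this hunk.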
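Review bot: With the early `return` removed, `__setup_autoconfig` now runs in every install mode, but the `prefs_fd` handle is still closed only on the success path, so an exception from `prefs_fd.write(prefs_txt)` leaks the descriptor, which is the kind of leak the commit message says it cleans up. Wrapping the write as `try: prefs_fd.write(prefs_txt)` / `finally: prefs_fd.close()` closes it on both paths. The file under `/usr/share/ipa/html/` is created with whatever umask the installer inherits, so an explicit `os.chmod` after the write would make the served file's mode deterministic. The method also now depends on a `Signing-Cert` nickname existing in `NSS_DIR` in the CA-backed case; whether a failed `create_signing_cert` is detected before the jar is signed cannot be seen here, because the body continues past the end of the hunk.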