diff options
author | Rob Crittenden <rcritten@redhat.com> | 2009-11-18 17:51:28 -0500 |
---|---|---|
committer | Jason Gerard DeRose <jderose@redhat.com> | 2009-11-25 09:57:14 -0700 |
commit | 986c4e23e7f640911cbe72129dc3f675438f35d4 (patch) | |
tree | f105cfbff195b2df74cff38b4edf70e23470debc | |
parent | 87d93e2c74e07ae7c673c1e4e1c24daa2fc7e269 (diff) | |
download | freeipa-986c4e23e7f640911cbe72129dc3f675438f35d4.tar.gz freeipa-986c4e23e7f640911cbe72129dc3f675438f35d4.tar.xz freeipa-986c4e23e7f640911cbe72129dc3f675438f35d4.zip |
Point to correct location of self-signed CA and set pw on 389-DS cert db
The CA was moved from residing in the DS NSS database into the Apache
database to support a self-signed CA certificate plugin. This was not
updated in the installer boilerplate.
The DS db wasn't getting a password set on it. Go ahead and set one.
-rwxr-xr-x | install/tools/ipa-server-install | 4 | ||||
-rw-r--r-- | ipaserver/install/dsinstance.py | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 44fc5fde..be525f73 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -836,8 +836,8 @@ def main(): print "" if not options.dirsrv_pkcs12: - print "Be sure to back up the CA certificate stored in " + dsinstance.config_dirname(ds.serverid) + "cacert.p12" - print "The password for this file is in " + dsinstance.config_dirname(ds.serverid) + "pwdfile.txt" + print "Be sure to back up the CA certificate stored in /etc/httpd/alias/cacert.p12" + print "The password for this file is in /etc/httpd/alias/pwdfile.txt" else: print "In order for Firefox autoconfiguration to work you will need to" print "use a SSL signing certificate. See the IPA documentation for more details." diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 254c575c..60436dee 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -340,7 +340,7 @@ class DsInstance(service.Service): cadb = certs.CertDB(httpinstance.NSS_DIR, host_name=self.host_name) if self.self_signed_ca: cadb.create_self_signed() - dsdb.create_from_cacert(cadb.cacert_fname) + dsdb.create_from_cacert(cadb.cacert_fname, passwd=None) dsdb.create_server_cert("Server-Cert", self.host_name, cadb) dsdb.create_pin_file() else: |