diff options
| author | Simo Sorce <ssorce@redhat.com> | 2010-12-08 16:35:12 -0500 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2010-12-10 12:28:38 -0500 |
| commit | bfaea1dd78bbf6de0248ef8e33784d57ead9d24a (patch) | |
| tree | d4a027d5056ea909017536de111d47394e9271b3 /install/tools/ipa-replica-prepare | |
| parent | 2efc08a6fc8c0407ff2169e3ef7eed92eaaa6545 (diff) | |
| download | freeipa-bfaea1dd78bbf6de0248ef8e33784d57ead9d24a.tar.gz freeipa-bfaea1dd78bbf6de0248ef8e33784d57ead9d24a.tar.xz freeipa-bfaea1dd78bbf6de0248ef8e33784d57ead9d24a.zip | |
Move Selfsigned CA creation out of dsinstance
This allows us to have the CA ready to serve out certs for any operation even
before the dsinstance is created. The CA is independent of the dsinstance
anyway.
Also fixes: https://fedorahosted.org/freeipa/ticket/544
Diffstat (limited to 'install/tools/ipa-replica-prepare')
| -rwxr-xr-x | install/tools/ipa-replica-prepare | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index d70741f1..b9e3425e 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -27,7 +27,7 @@ import krbV from optparse import OptionParser from ipapython import ipautil -from ipaserver.install import bindinstance, dsinstance, installutils, certs, httpinstance +from ipaserver.install import bindinstance, dsinstance, installutils, certs from ipaserver.install.bindinstance import add_zone, add_reverze_zone, add_rr, add_ptr_rr from ipaserver.plugins.ldap2 import ldap2 from ipapython import version @@ -123,14 +123,9 @@ def export_certdb(realm_name, ds_dir, dir, passwd_fname, fname, hostname, subjec try: self_signed = certs.ipa_self_signed() - db = certs.CertDB(dir, realm_name, subject_base=subject_base) + db = certs.CertDB(realm_name, nssdir=dir, subject_base=subject_base) db.create_passwd_file() -# if self_signed: -# ca_db = certs.CertDB(dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name))) -# db.create_from_cacert(ca_db.cacert_fname) -# else: -# ca_db = certs.CertDB(httpinstance.NSS_DIR, host_name=api.env.host) - ca_db = certs.CertDB(httpinstance.NSS_DIR, realm_name, host_name=api.env.host, subject_base=subject_base) + ca_db = certs.CertDB(realm_name, host_name=api.env.host, subject_base=subject_base) if is_kdc: ca_db.create_kdc_cert("KDC-Cert", hostname, dir) else: @@ -177,7 +172,7 @@ def export_ra_pkcs12(dir, dm_password): try: try: - db = certs.CertDB(httpinstance.NSS_DIR, api.env.realm, host_name=api.env.host) + db = certs.CertDB(api.env.realm, host_name=api.env.host) if db.has_nickname("ipaCert"): pkcs12_fname = "%s/ra.p12" % dir |