summaryrefslogtreecommitdiffstats
path: root/install/tools/ipa-server-certinstall
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2010-03-10 11:02:50 -0500
committerJason Gerard DeRose <jderose@redhat.com>2010-03-19 04:41:05 -0600
commit99cb2fe64a4d6969178544601cb5ba694e65132b (patch)
tree5c4d1921d2ad5f3c6d4d449439a5d6cf840d45dd /install/tools/ipa-server-certinstall
parent00f27fe8c965590624847967ae85167f01fa5307 (diff)
downloadfreeipa-99cb2fe64a4d6969178544601cb5ba694e65132b.zip
freeipa-99cb2fe64a4d6969178544601cb5ba694e65132b.tar.gz
freeipa-99cb2fe64a4d6969178544601cb5ba694e65132b.tar.xz
Initialize the api so imports work, trust all CAs included in the PKCS#12.
Diffstat (limited to 'install/tools/ipa-server-certinstall')
-rwxr-xr-xinstall/tools/ipa-server-certinstall10
1 files changed, 9 insertions, 1 deletions
diff --git a/install/tools/ipa-server-certinstall b/install/tools/ipa-server-certinstall
index 6ba073d..d02dbbb 100755
--- a/install/tools/ipa-server-certinstall
+++ b/install/tools/ipa-server-certinstall
@@ -31,6 +31,7 @@ from ipapython.ipautil import user_input
from ipaserver import ipaldap
from ipaserver.install import certs, dsinstance, httpinstance, installutils
+from ipalib import api
def get_realm_name():
c = krbV.default_context()
@@ -100,6 +101,7 @@ def import_cert(dirname, pkcs12_fname, pkcs12_passwd, db_password):
try:
try:
cdb.import_pkcs12(pkcs12_fname, pw_name)
+ ca_names = cdb.find_root_cert_from_pkcs12(pkcs12_fname, pw_name)
except RuntimeError, e:
print str(e)
sys.exit(1)
@@ -115,13 +117,19 @@ def import_cert(dirname, pkcs12_fname, pkcs12_passwd, db_password):
else:
server_cert = choose_server_cert(server_certs)
- cdb.trust_root_cert(server_cert[0])
+ for ca in ca_names:
+ cdb.trust_root_cert(ca)
return server_cert
def main():
options, pkcs12_fname = parse_options()
+ cfg = dict(in_server=True,)
+
+ api.bootstrap(**cfg)
+ api.finalize()
+
try:
if options.dirsrv:
dm_password = getpass.getpass("Directory Manager password: ")