author | Rob Crittenden <rcritten@redhat.com> | 2009-07-10 16:18:16 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2009-07-15 09:00:01 -0400 |
commit | 8d164569d0e4ee79089ae224ac6f5a569c291cdb (patch) | |
tree | a75db1b23693315d1b35bad891ea6c86019d7149 /ipapython | |
parent | 904e55540438cfd88507fa747daa585605b90bdb (diff) | |
Allow replicas of an IPA server using an internal dogtag server as the CA
This involves creating a new CA instance on the replica and using pkisilent
to create a clone of the master CA.
Also generally fixes IPA to work with the latest dogtag SVN tip. A lot of
changes to ports and configuration have been done recently.
Diffstat (limited to 'ipapython')
-rw-r--r-- | ipapython/dogtag.py | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 684754f4..75ecbf6d 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -21,12 +21,14 @@ from ipalib import api, errors
 import httplib
 import xml.dom.minidom
-def get_ca_certchain():
+def get_ca_certchain(ca_host=None):
 """
 Retrieve the CA Certificate chain from the configured Dogtag server.
 """
+ if ca_host is None:
+ ca_host = api.env.ca_host
 chain = None
- conn = httplib.HTTPConnection(api.env.ca_host, 9180)
+ conn = httplib.HTTPConnection(ca_host, 9180)
 conn.request("GET", "/ca/ee/ca/getCertChain")
 res = conn.getresponse()
 if res.status == 200:
@@ -42,8 +44,8 @@ def get_ca_certchain():
 item_node = doc.getElementsByTagName("Error")
 reason = item_node[0].childNodes[0].data
 raise errors.RemoteRetrieveError(reason=reason)
- except:
- raise errors.RemoteRetrieveError(reason="Retrieving CA cert chain failed")
+ except Exception, e:
+ raise errors.RemoteRetrieveError(reason="Retrieving CA cert chain failed: %s" % str(e))
 finally:
 doc.unlink() |
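Review bot: The request in `get_ca_certchain` still goes out over plain `httplib.HTTPConnection(ca_host, 9180)`, and with the new `ca_host` parameter the peer is whatever host the caller names, so nothing in this hunk authenticates the server that supplies the chain. If the returned chain ends up installed as a trust anchor on a replica (the callers are not visible here), it should be compared against a copy obtained through a trusted path before it is used. The docstring still says "the configured Dogtag server"; I would reword it to `Retrieve the CA certificate chain from ca_host (default: api.env.ca_host) over unauthenticated HTTP; the caller must verify the chain before trusting it.` The function body continues past the end of this hunk.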
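Review bot: The new `except Exception, e:` in the second hunk also catches the `errors.RemoteRetrieveError(reason=reason)` raised on the line just above it (assuming that raise sits in the same `try`, which opens outside the hunk), so the server's reason is re-wrapped into a second RemoteRetrieveError instead of propagating unchanged. Placing `except errors.RemoteRetrieveError:` / `raise` ahead of the generic handler keeps that error intact. `str(e)` can also carry text taken from an unauthenticated HTTP response into the error message, so whatever logs or displays it should treat the text as untrusted. If `doc` can still be unset when the `finally` runs, `doc.unlink()` would raise and mask the original failure; the visible lines do not show whether that is possible.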