diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-03-14 16:27:19 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-03-15 14:09:57 -0400 |
commit | 861d1bbdca4793fb45fb233d236d3793cc23da36 (patch) | |
tree | ccb169d140cd119b07435b675ca11df8f7bff067 /ipaserver/install/httpinstance.py | |
parent | a36bc4ee93d13c28f8edf2bb94eb4dbfc25be568 (diff) | |
download | freeipa-861d1bbdca4793fb45fb233d236d3793cc23da36.tar.gz freeipa-861d1bbdca4793fb45fb233d236d3793cc23da36.tar.xz freeipa-861d1bbdca4793fb45fb233d236d3793cc23da36.zip |
Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance.
This fixes 2 AVCS:
* One because we are enabling port 7390 because an SSL port must be
defined to use TLS On 7389.
* We were symlinking to the main IPA 389-ds NSS certificate databsae.
Instead generate a separate NSS database and certificate and have
certmonger track it separately
I also noticed some variable inconsistency in cainstance.py. Everywhere
else we use self.fqdn and that was using self.host_name. I found it
confusing so I fixed it.
ticket 1085
Diffstat (limited to 'ipaserver/install/httpinstance.py')
-rw-r--r-- | ipaserver/install/httpinstance.py | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 4f876c9b..e53c01e1 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -186,6 +186,7 @@ class HTTPInstance(service.Service): # We only handle one server cert nickname = server_certs[0][0] self.dercert = db.get_cert_from_db(nickname) + db.track_server_cert(nickname, self.principal, db.passwd_fname) self.__set_mod_nss_nickname(nickname) else: |