summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/httpinstance.py
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2011-03-14 16:27:19 -0400
committerRob Crittenden <rcritten@redhat.com>2011-03-15 14:09:57 -0400
commit861d1bbdca4793fb45fb233d236d3793cc23da36 (patch)
treeccb169d140cd119b07435b675ca11df8f7bff067 /ipaserver/install/httpinstance.py
parenta36bc4ee93d13c28f8edf2bb94eb4dbfc25be568 (diff)
downloadfreeipa-861d1bbdca4793fb45fb233d236d3793cc23da36.tar.gz
freeipa-861d1bbdca4793fb45fb233d236d3793cc23da36.tar.xz
freeipa-861d1bbdca4793fb45fb233d236d3793cc23da36.zip
Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance.
This fixes 2 AVCS: * One because we are enabling port 7390 because an SSL port must be defined to use TLS On 7389. * We were symlinking to the main IPA 389-ds NSS certificate databsae. Instead generate a separate NSS database and certificate and have certmonger track it separately I also noticed some variable inconsistency in cainstance.py. Everywhere else we use self.fqdn and that was using self.host_name. I found it confusing so I fixed it. ticket 1085
Diffstat (limited to 'ipaserver/install/httpinstance.py')
-rw-r--r--ipaserver/install/httpinstance.py1
1 files changed, 1 insertions, 0 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 4f876c9b..e53c01e1 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -186,6 +186,7 @@ class HTTPInstance(service.Service):
# We only handle one server cert
nickname = server_certs[0][0]
self.dercert = db.get_cert_from_db(nickname)
+ db.track_server_cert(nickname, self.principal, db.passwd_fname)
self.__set_mod_nss_nickname(nickname)
else:
generated by cgit (git 2.34.1) at 2024-05-03 19:07:37 +0000