Diffstat (limited to 'install/tools')
-rwxr-xr-xinstall/tools/ipa-replica-install2
-rwxr-xr-xinstall/tools/ipa-replica-prepare13
-rwxr-xr-xinstall/tools/ipa-server-certinstall2
-rwxr-xr-xinstall/tools/ipa-server-install13
4 files changed, 15 insertions, 15 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index c539e751..3d6f4743 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -158,7 +158,7 @@ def install_ca(config):
cs = cainstance.CADSInstance()
cs.create_instance(config.ds_user, config.realm_name, config.host_name, config.domain_name, config.dirman_password)
- ca = cainstance.CAInstance(config.realm_name)
+ ca = cainstance.CAInstance(config.realm_name, certs.NSS_DIR)
ca.configure_instance("pkiuser", config.host_name, config.dirman_password, config.dirman_password, pkcs12_info=(cafile,), master_host=config.master_host_name, subject_base=config.subject_base)
return ca
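Review bot: The new `certs.NSS_DIR` argument in install_ca needs `certs` to be imported in ipa-replica-install, and this commit changes only this one line of the script, so that cannot be confirmed from the hunk. If the module is not already in the script's `from ipaserver.install import ...` line, the replica install will fail with a NameError only when it reaches the CA step, after the CA directory instance has already been created by `cs.create_instance(...)`. The same argument is added in ipa-server-install (uninstall and main), where `certs` is visibly in use already. install_ca starts outside the hunk.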
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index d70741f1..b9e3425e 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -27,7 +27,7 @@ import krbV
from optparse import OptionParser
from ipapython import ipautil
-from ipaserver.install import bindinstance, dsinstance, installutils, certs, httpinstance
+from ipaserver.install import bindinstance, dsinstance, installutils, certs
from ipaserver.install.bindinstance import add_zone, add_reverze_zone, add_rr, add_ptr_rr
from ipaserver.plugins.ldap2 import ldap2
from ipapython import version
@@ -123,14 +123,9 @@ def export_certdb(realm_name, ds_dir, dir, passwd_fname, fname, hostname, subjec
try:
self_signed = certs.ipa_self_signed()
- db = certs.CertDB(dir, realm_name, subject_base=subject_base)
+ db = certs.CertDB(realm_name, nssdir=dir, subject_base=subject_base)
db.create_passwd_file()
-# if self_signed:
-# ca_db = certs.CertDB(dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name)))
-# db.create_from_cacert(ca_db.cacert_fname)
-# else:
-# ca_db = certs.CertDB(httpinstance.NSS_DIR, host_name=api.env.host)
- ca_db = certs.CertDB(httpinstance.NSS_DIR, realm_name, host_name=api.env.host, subject_base=subject_base)
+ ca_db = certs.CertDB(realm_name, host_name=api.env.host, subject_base=subject_base)
if is_kdc:
ca_db.create_kdc_cert("KDC-Cert", hostname, dir)
else:
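Review bot: Swapping the positional order on `db = certs.CertDB(realm_name, nssdir=dir, subject_base=subject_base)` is fragile for any caller this commit does not touch. An old-style call such as `CertDB(some_dir, realm)` would presumably still be accepted, with the directory taken as the realm name, and the diffstat here is limited to install/tools, so other callers are not visible. Separately, `ca_db` no longer names the database that holds the signing CA and depends on whatever default `CertDB` applies. Passing it explicitly, e.g. `ca_db = certs.CertDB(realm_name, nssdir=certs.NSS_DIR, host_name=api.env.host, subject_base=subject_base)`, keeps the location of the CA key material auditable, assuming `certs.NSS_DIR` is the intended directory. The same applies to `db = certs.CertDB(api.env.realm, host_name=api.env.host)` in export_ra_pkcs12; export_certdb continues outside the hunk.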
@@ -177,7 +172,7 @@ def export_ra_pkcs12(dir, dm_password):
try:
try:
- db = certs.CertDB(httpinstance.NSS_DIR, api.env.realm, host_name=api.env.host)
+ db = certs.CertDB(api.env.realm, host_name=api.env.host)
if db.has_nickname("ipaCert"):
pkcs12_fname = "%s/ra.p12" % dir
diff --git a/install/tools/ipa-server-certinstall b/install/tools/ipa-server-certinstall
index 4b460535..5c6b25bc 100755
--- a/install/tools/ipa-server-certinstall
+++ b/install/tools/ipa-server-certinstall
@@ -89,7 +89,7 @@ def choose_server_cert(server_certs):
return server_certs[num - 1]
def import_cert(dirname, pkcs12_fname, pkcs12_passwd, db_password):
- cdb = certs.CertDB(dirname, api.env.realm)
+ cdb = certs.CertDB(api.env.realm, nssdir=dirname)
cdb.create_passwd_file(db_password)
cdb.create_certdbs()
[pw_fd, pw_name] = tempfile.mkstemp()
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 67c1a004..7fa6c71d 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -420,8 +420,8 @@ def uninstall():
ntpinstance.NTPInstance(fstore).uninstall()
if cainstance.CADSInstance().is_configured():
cainstance.CADSInstance().uninstall()
- if cainstance.CAInstance(api.env.realm).is_configured():
- cainstance.CAInstance(api.env.realm).uninstall()
+ if cainstance.CAInstance(api.env.realm, certs.NSS_DIR).is_configured():
+ cainstance.CAInstance(api.env.realm, certs.NSS_DIR).uninstall()
bindinstance.BindInstance(fstore).uninstall()
httpinstance.HTTPInstance(fstore).uninstall()
krbinstance.KrbInstance(fstore).uninstall()
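Review bot: The two changed lines in uninstall() build `cainstance.CAInstance(api.env.realm, certs.NSS_DIR)` twice, once for the check and once for the action, so the argument list has to be kept in sync in two places, which is the edit this commit had to make. Binding it once reads better and guarantees that the instance that was checked is the one that is uninstalled: `ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)` followed by `if ca.is_configured(): ca.uninstall()`. uninstall() starts and ends outside the hunk.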
@@ -693,7 +693,12 @@ def main():
ntp = ntpinstance.NTPInstance(fstore)
ntp.create_instance()
- if not options.selfsign:
+ if options.selfsign:
+ ca = certs.CertDB(realm_name, host_name=host_name,
+ subject_base=options.subject)
+ ca.create_self_signed()
+ ca.publish_ca_cert("/etc/ipa/ca.crt")
+ else:
# Clean up any previous self-signed CA that may exist
try:
os.remove(certs.CA_SERIALNO)
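Review bot: The new selfsign branch in main() hard-codes `/etc/ipa/ca.crt` and carries no comment, while the else branch explains itself. The published CA certificate is the trust anchor that clients will rely on, so its path should be a named module-level constant rather than a literal inside main(). A short comment such as `# Self-signed mode: create the CA in CertDB's default NSS database and publish its certificate` would also help. Because `certs.CertDB(realm_name, host_name=host_name, subject_base=options.subject)` passes no `nssdir`, the directory that receives the self-signed CA key is implicit; naming it in the call would make that easier to audit. main() continues outside the hunk.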
@@ -720,7 +725,7 @@ def main():
if options.external_cert_file is None:
cs = cainstance.CADSInstance()
cs.create_instance("pkisrv", realm_name, host_name, domain_name, dm_password)
- ca = cainstance.CAInstance(realm_name)
+ ca = cainstance.CAInstance(realm_name, certs.NSS_DIR)
if external == 0:
ca.configure_instance("pkiuser", host_name, dm_password, dm_password, subject_base=options.subject)
elif external == 1: