diff options
Diffstat (limited to 'base/server/python/pki/server/deployment/scriptlets/configuration.py')
-rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/configuration.py | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py index cc8c7f9b6..5f77ac523 100644 --- a/base/server/python/pki/server/deployment/scriptlets/configuration.py +++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py @@ -236,6 +236,61 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): if external and step_one: return self.rv + if len(deployer.instance.tomcat_instance_subsystems()) < 2: + + deployer.password.create_password_conf( + deployer.mdict['pki_shared_pfile'], + deployer.mdict['pki_pin'], pin_sans_token=True) + + # only create a self signed cert for a new instance + # + # NOTE: ALWAYS create the temporary sslserver certificate + # in the software DB regardless of whether the + # instance will utilize 'softokn' or an HSM + # + rv = deployer.certutil.verify_certificate_exists( + deployer.mdict['pki_database_path'], + deployer.mdict['pki_cert_database'], + deployer.mdict['pki_key_database'], + deployer.mdict['pki_secmod_database'], + deployer.mdict['pki_self_signed_token'], + deployer.mdict['pki_self_signed_nickname'], + password_file=deployer.mdict['pki_shared_pfile']) + + if not rv: + + # note: in the function below, certutil is used to generate + # the request for the self signed cert. The keys are generated + # by NSS, which does not actually use the data in the noise + # file, so it does not matter what is in this file. Certutil + # still requires it though, otherwise it waits for keyboard + # input + with open( + deployer.mdict['pki_self_signed_noise_file'], 'w') as f: + f.write("not_so_random_data") + + deployer.certutil.generate_self_signed_certificate( + deployer.mdict['pki_database_path'], + deployer.mdict['pki_cert_database'], + deployer.mdict['pki_key_database'], + deployer.mdict['pki_secmod_database'], + deployer.mdict['pki_self_signed_token'], + deployer.mdict['pki_self_signed_nickname'], + deployer.mdict['pki_self_signed_subject'], + deployer.mdict['pki_self_signed_serial_number'], + deployer.mdict['pki_self_signed_validity_period'], + deployer.mdict['pki_self_signed_issuer_name'], + deployer.mdict['pki_self_signed_trustargs'], + deployer.mdict['pki_self_signed_noise_file'], + password_file=deployer.mdict['pki_shared_pfile']) + + # Delete the temporary 'noise' file + deployer.file.delete( + deployer.mdict['pki_self_signed_noise_file']) + + # Always delete the temporary 'pfile' + deployer.file.delete(deployer.mdict['pki_shared_pfile']) + # Start/Restart this Tomcat PKI Process # Optionally prepare to enable a java debugger # (e. g. - 'eclipse'): |