diff options
Diffstat (limited to 'base/server/python/pki')
-rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 1 | ||||
-rw-r--r-- | base/server/python/pki/server/deployment/scriptlets/configuration.py | 13 |
2 files changed, 7 insertions, 7 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index e8591398d..07a5ce4dd 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -492,6 +492,7 @@ class ConfigurationFile: self.external = config.str2bool(self.mdict['pki_external']) self.external_step_one = not config.str2bool(self.mdict['pki_external_step_two']) self.external_step_two = not self.external_step_one + self.external_csr_path = self.mdict['pki_external_csr_path'] if self.external: # generic extension support in CSR - for external CA diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py index ba8cff68e..16c6ae5da 100644 --- a/base/server/python/pki/server/deployment/scriptlets/configuration.py +++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py @@ -96,6 +96,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): external = deployer.configuration_file.external step_one = deployer.configuration_file.external_step_one step_two = deployer.configuration_file.external_step_two + external_csr_path = deployer.configuration_file.external_csr_path try: if external and step_one: # external/existing CA step 1 @@ -127,16 +128,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # If filename specified, generate CA cert request and # import it into CS.cfg. - request_file = deployer.mdict['pki_external_csr_path'] - if request_file: + if external_csr_path: nssdb.create_request( subject_dn=deployer.mdict['pki_ca_signing_subject_dn'], - request_file=request_file, + request_file=external_csr_path, key_type=key_type, key_size=key_size, curve=curve, hash_alg=hash_alg) - with open(request_file) as f: + with open(external_csr_path) as f: signing_csr = f.read() signing_csr = pki.nss.convert_csr(signing_csr, 'pem', 'base64') subsystem.config['ca.signing.certreq'] = signing_csr @@ -150,9 +150,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): elif external and step_two: # external/existing CA step 2 # If specified, import existing CA cert request into CS.cfg. - request_file = deployer.mdict['pki_external_csr_path'] - if request_file: - with open(request_file) as f: + if external_csr_path: + with open(external_csr_path) as f: signing_csr = f.read() signing_csr = pki.nss.convert_csr(signing_csr, 'pem', 'base64') subsystem.config['ca.signing.certreq'] = signing_csr |