2 files changed, 7 insertions, 7 deletions

diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index e8591398d..07a5ce4dd 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -492,6 +492,7 @@ class ConfigurationFile:
         self.external = config.str2bool(self.mdict['pki_external'])
         self.external_step_one = not config.str2bool(self.mdict['pki_external_step_two'])
         self.external_step_two = not self.external_step_one
+        self.external_csr_path = self.mdict['pki_external_csr_path']
 
         if self.external:
             # generic extension support in CSR - for external CA
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
index ba8cff68e..16c6ae5da 100644
--- a/base/server/python/pki/server/deployment/scriptlets/configuration.py
+++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -96,6 +96,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
         external = deployer.configuration_file.external
         step_one = deployer.configuration_file.external_step_one
         step_two = deployer.configuration_file.external_step_two
+        external_csr_path = deployer.configuration_file.external_csr_path
 
         try:
             if external and step_one: # external/existing CA step 1
@@ -127,16 +128,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 
                 # If filename specified, generate CA cert request and
                 # import it into CS.cfg.
-                request_file = deployer.mdict['pki_external_csr_path']
-                if request_file:
+                if external_csr_path:
                     nssdb.create_request(
                         subject_dn=deployer.mdict['pki_ca_signing_subject_dn'],
-                        request_file=request_file,
+                        request_file=external_csr_path,
                         key_type=key_type,
                         key_size=key_size,
                         curve=curve,
                         hash_alg=hash_alg)
-                    with open(request_file) as f:
+                    with open(external_csr_path) as f:
                         signing_csr = f.read()
                     signing_csr = pki.nss.convert_csr(signing_csr, 'pem', 'base64')
                     subsystem.config['ca.signing.certreq'] = signing_csr
@@ -150,9 +150,8 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
             elif external and step_two: # external/existing CA step 2
 
                 # If specified, import existing CA cert request into CS.cfg.
-                request_file = deployer.mdict['pki_external_csr_path']
-                if request_file:
-                    with open(request_file) as f:
+                if external_csr_path:
+                    with open(external_csr_path) as f:
                         signing_csr = f.read()
                     signing_csr = pki.nss.convert_csr(signing_csr, 'pem', 'base64')
                     subsystem.config['ca.signing.certreq'] = signing_csr