summaryrefslogtreecommitdiffstats
path: root/base/server/python
diff options
context:
space:
mode:
Diffstat (limited to 'base/server/python')
-rw-r--r--base/server/python/pki/server/deployment/scriptlets/security_databases.py13
1 files changed, 11 insertions, 2 deletions
diff --git a/base/server/python/pki/server/deployment/scriptlets/security_databases.py b/base/server/python/pki/server/deployment/scriptlets/security_databases.py
index 99daf1564..e80a1d0f4 100644
--- a/base/server/python/pki/server/deployment/scriptlets/security_databases.py
+++ b/base/server/python/pki/server/deployment/scriptlets/security_databases.py
@@ -150,8 +150,17 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# Import certificates
nssdb.import_pkcs12(
pkcs12_file=pki_clone_pkcs12_path,
- pkcs12_password=pki_clone_pkcs12_password,
- no_user_certs=True)
+ pkcs12_password=pki_clone_pkcs12_password)
+
+ # Set certificate trust flags
+ if subsystem.type == 'CA':
+ nssdb.modify_cert(
+ nickname=deployer.mdict['pki_ca_signing_nickname'],
+ trust_attributes='CTu,Cu,Cu')
+
+ nssdb.modify_cert(
+ nickname=deployer.mdict['pki_audit_signing_nickname'],
+ trust_attributes='u,u,Pu')
print('Imported certificates in %s:' % deployer.mdict['pki_database_path'])
generated by cgit (git 2.34.1) at 2026-01-18 14:39:19 +0000