2 files changed, 28 insertions, 21 deletions
diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
index 8c6b52368..8086f1c50 100644
--- a/base/server/python/pki/server/deployment/scriptlets/configuration.py
+++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -490,6 +490,34 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
                 admin_cert = response['adminCert']['cert']
                 deployer.config_client.process_admin_cert(admin_cert)
 
+        if len(deployer.instance.tomcat_instance_subsystems()) == 1:
+            # Modify contents of 'serverCertNick.conf' (if necessary)
+            deployer.servercertnick_conf.modify()
+
+        # Optionally, programmatically 'restart' the configured PKI instance
+        if not config.str2bool(deployer.mdict['pki_restart_configured_instance']):
+            return
+
+        deployer.systemd.restart()
+
+        # wait for startup
+        status = None
+
+        if deployer.fips.is_fips_enabled():
+            # must use 'http' protocol when FIPS mode is enabled
+            status = deployer.instance.wait_for_startup(
+                60, secure_connection=False)
+
+        else:
+            status = deployer.instance.wait_for_startup(
+                60, secure_connection=True)
+
+        if not status:
+            config.pki_log.error(
+                "server failed to restart",
+                extra=config.PKI_INDENTATION_LEVEL_1)
+            raise RuntimeError("server failed to restart")
+
     def destroy(self, deployer):
 
         config.pki_log.info(log.CONFIGURATION_DESTROY_1, __name__,
diff --git a/base/server/python/pki/server/deployment/scriptlets/finalization.py b/base/server/python/pki/server/deployment/scriptlets/finalization.py
index ef750b95d..e62051f13 100644
--- a/base/server/python/pki/server/deployment/scriptlets/finalization.py
+++ b/base/server/python/pki/server/deployment/scriptlets/finalization.py
@@ -50,27 +50,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
             deployer.systemd.disable()
         else:
             deployer.systemd.enable()
-        if len(deployer.instance.tomcat_instance_subsystems()) == 1:
-            # Modify contents of 'serverCertNick.conf' (if necessary)
-            deployer.servercertnick_conf.modify()
-
-        # Optionally, programmatically 'restart' the configured PKI instance
-        if config.str2bool(deployer.mdict['pki_restart_configured_instance']):
-            deployer.systemd.restart()
-            # wait for startup
-            status = None
-            if deployer.fips.is_fips_enabled():
-                # must use 'http' protocol when FIPS mode is enabled
-                status = deployer.instance.wait_for_startup(
-                    60, secure_connection=False)
-            else:
-                status = deployer.instance.wait_for_startup(
-                    60, secure_connection=True)
-            if status is None:
-                config.pki_log.error(
-                    "server failed to restart",
-                    extra=config.PKI_INDENTATION_LEVEL_1)
-                raise RuntimeError("server failed to restart")
 
         # Optionally, 'purge' the entire temporary client infrastructure
         # including the client NSS security databases and password files