From 58406095925cd3d26ab8eab0c7c7e99cdddf21ea Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Fri, 19 Feb 2016 08:42:30 +0100 Subject: Added mechanism to import system certs via PKCS #12 file. The installation tool has been modified to provide an optional pki_server_pkcs12_path property to specify a PKCS #12 file containing certificate chain, system certificates, and third-party certificates needed by the subsystem being installed. If the pki_server_pkcs12_path is specified the installation tool will no longer download the certificate chain from the security domain directly, and it will no longer import the PKCS #12 containing the entire master NSS database specified in pki_clone_pkcs12_path. For backward compatibility, if the pki_server_pkcs12_path is not specified the installation tool will use the old mechanism to import the system certificates. The ConfigurationUtils.verifySystemCertificates() has been modified not to catch the exception to help troubleshooting. https://fedorahosted.org/pki/ticket/1742 --- base/server/python/pki/server/deployment/pkiparser.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'base/server/python/pki/server/deployment/pkiparser.py') diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index e5e02a09e..755a5cdce 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py @@ -333,8 +333,10 @@ class PKIConfigParser: 'pki_client_pkcs12_password', 'pki_ds_password', 'pki_pin', - 'pki_replicationdb_password', - 'pki_security_domain_password') + 'pki_replication_password', + 'pki_security_domain_password', + 'pki_server_pkcs12_password', + 'pki_token_password') print 'Loading deployment configuration from ' + \ config.user_deployment_cfg + '.' -- cgit