From 049a4e3e09328bfcdff62dc189ad95917647fb22 Mon Sep 17 00:00:00 2001
From: Ade Lee <alee@redhat.com>
Date: Fri, 20 Jan 2017 11:01:41 -0500
Subject: Add option to remove signing cert entry

In the migration case, it is useful to delete the initially
created signing certificate database record and have that be
imported through the ldif data import instead.

Therefore, we add an option to remove this entry.  The user
also needs to provide the serial number for the entry.

This resolves the following tickets/BZs:
BZ# 1409949/Trac 2573 - CA Certificate Issuance Date displayed
   on CA website incorrect
BZ# 1409946/Trac 2571 -  Request ID undefined for CA signing
   certificate
---
 base/server/python/pki/server/deployment/pkihelper.py | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'base/server/python')

diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index c9fe50d96..2e276f522 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -4020,6 +4020,12 @@ class ConfigClient:
         # Misc CA parameters
         if self.subsystem == "CA":
             data.startingCRLNumber = self.mdict['pki_ca_starting_crl_number']
+            data.createSigningCertRecord = (
+                self.mdict['pki_ca_signing_record_create'].lower()
+            )
+            data.signingCertSerialNumber = (
+                self.mdict['pki_ca_signing_serial_number'].lower()
+            )
 
         return data
 
-- 
cgit