From e3449617d90f5f73afdb568cc2f43769e5ea760b Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Thu, 14 Apr 2016 23:21:57 +0200
Subject: Added PKCS #12 deployment properties.

New PKCS #12 deployment properties have been added as aliases
for some external CA properties to allow them to be used in
more general cases:
- pki_pkcs12_path     -> pki_external_pkcs12_path
- pki_pkcs12_password -> pki_external_pkcs12_password

https://fedorahosted.org/pki/ticket/1736
---
 .../server/python/pki/server/deployment/scriptlets/configuration.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'base/server/python')

diff --git a/base/server/python/pki/server/deployment/scriptlets/configuration.py b/base/server/python/pki/server/deployment/scriptlets/configuration.py
index f93a24723..b5d743894 100644
--- a/base/server/python/pki/server/deployment/scriptlets/configuration.py
+++ b/base/server/python/pki/server/deployment/scriptlets/configuration.py
@@ -158,8 +158,6 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
                     subsystem.config['ca.signing.certreq'] = signing_csr
 
                 # If specified, import externally-signed CA cert into NSS database.
-                # Note: CA cert must be imported before the cert chain to ensure that
-                # the CA cert is imported with the correct nickname.
                 signing_nickname = deployer.mdict['pki_ca_signing_nickname']
                 signing_cert_file = deployer.mdict['pki_external_ca_cert_path']
                 if signing_cert_file:
@@ -168,13 +166,15 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
                         cert_file=signing_cert_file,
                         trust_attributes='CT,C,C')
 
-                # If specified, import CA cert and key from PKCS #12 file into NSS database.
+                # If specified, import certs and keys from PKCS #12 file into NSS database.
                 pkcs12_file = deployer.mdict['pki_external_pkcs12_path']
                 if pkcs12_file:
                     pkcs12_password = deployer.mdict['pki_external_pkcs12_password']
                     nssdb.import_pkcs12(pkcs12_file, pkcs12_password)
 
                 # If specified, import cert chain into NSS database.
+                # Note: Cert chain must be imported after the system certs to ensure that
+                # the system certs are imported with the correct nicknames.
                 external_ca_cert_chain_nickname = \
                     deployer.mdict['pki_external_ca_cert_chain_nickname']
                 external_ca_cert_chain_file = deployer.mdict['pki_external_ca_cert_chain_path']
-- 
cgit