diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-04-01 14:18:49 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2010-04-07 08:59:22 -0400 |
| commit | 4bf70406d300b6d416f13db30f5c530f23170667 (patch) | |
| tree | 892d451a0b879afb8980b0b2cb64b45757540a87 | |
| parent | 2736177938ae7bf1452660cce0fa75a5d7e733ca (diff) | |
| download | freeipa-4bf70406d300b6d416f13db30f5c530f23170667.tar.gz freeipa-4bf70406d300b6d416f13db30f5c530f23170667.tar.xz freeipa-4bf70406d300b6d416f13db30f5c530f23170667.zip | |
Don't let failure to trust the CA abort the server installation.
This error could result in things not working properly but it should be
relatively easy to fix from the command-line. There is no point in
not installing at all due to this.
| -rw-r--r-- | ipaserver/install/certs.py | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 2df7cb38..4b8a57e9 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -791,8 +791,11 @@ class CertDB(object): if root_nickname[:7] == "Builtin": logging.debug("No need to add trust for built-in root CA's, skipping %s" % root_nickname) else: - self.run_certutil(["-M", "-n", root_nickname, - "-t", "CT,CT,"]) + try: + self.run_certutil(["-M", "-n", root_nickname, + "-t", "CT,CT,"]) + except ipautil.CalledProcessError, e: + logging.error("Setting trust on %s failed" % root_nickname) def find_server_certs(self): p = subprocess.Popen(["/usr/bin/certutil", "-d", self.secdir, |