-rwxr-xr-x | install/certmonger/dogtag-ipa-ca-renew-agent-submit | 7 | ||||
-rw-r--r-- | ipaserver/install/cainstance.py | 6 |
2 files changed, 8 insertions, 5 deletions
diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
index 6da7f6dbf..e39da4a21 100755
--- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit
+++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
@@ -36,6 +36,7 @@ from ipapython import ipautil
 from ipapython.dn import DN
 from ipalib import api, errors, pkcs10, x509
 from ipaserver.plugins.ldap2 import ldap2
+from ipaserver.install import cainstance, certs
 # This is a certmonger CA helper script for IPA CA subsystem cert renewal. See
 # https://git.fedorahosted.org/cgit/certmonger.git/tree/doc/submit.txt for more
@@ -256,7 +257,11 @@ def main():
 if profile:
 handler = handlers.get(profile, request_and_store_cert)
 else:
- handler = request_and_store_cert
+ ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)
+ if ca.is_renewal_master():
+ handler = request_and_store_cert
+ else:
+ handler = retrieve_cert
 res = handler()
 for item in res[1:]:
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 99c008a67..6180e42b7 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -925,8 +925,7 @@ class CAInstance(service.Service):
 pinfile='/etc/httpd/alias/pwdfile.txt',
 secdir='/etc/httpd/alias',
 pre_command=None,
- post_command='restart_httpd',
- profile='ipaRetrieval')
+ post_command='restart_httpd')
 except (ipautil.CalledProcessError, RuntimeError), e:
 root_logger.error(
 "certmonger failed to start tracking certificate: %s" % str(e))
@@ -1504,8 +1503,7 @@ class CAInstance(service.Service):
 pinfile=None,
 secdir=self.dogtag_constants.ALIAS_DIR,
 pre_command='stop_pkicad',
- post_command='restart_pkicad "%s"' % nickname,
- profile='ipaRetrieval')
+ post_command='restart_pkicad "%s"' % nickname)
 except (ipautil.CalledProcessError, RuntimeError), e:
 root_logger.error(
 "certmonger failed to start tracking certificate: " |
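Review bot: The renewal-master check added in `main()` covers only the branch where no profile is set; the `if profile:` branch above it still falls back to `request_and_store_cert` for any profile name missing from `handlers`, so a replica that is not the renewal master could still request and store a fresh certificate instead of retrieving the shared one. Compute the default once and use it in both branches: `default = request_and_store_cert if ca.is_renewal_master() else retrieve_cert`, then `handler = handlers.get(profile, default) if profile else default`. `handlers` and the rest of `main()` are outside the hunk, so confirm which profile names it maps. If `is_renewal_master()` can raise (its body is not shown), check that the helper still ends with a defined exit status for certmonger rather than an uncaught traceback.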
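Review bot: Nothing at these two call sites records why `profile` is no longer passed; dropping `profile='ipaRetrieval'` in the `@@ -925,8 +925,7 @@` hunk and again in the `@@ -1504,8 +1503,7 @@` hunk moves the request-versus-retrieve decision into the helper at renewal time. Suggested comment above each call: `# No profile: the renew-agent helper chooses request vs. retrieve from the renewal-master role at renewal time.` Tracking requests created earlier with the `ipaRetrieval` profile are not touched by anything visible here, so they presumably keep retrieving even if the host later becomes the renewal master; it is worth confirming whether an upgrade step resets them. The enclosing methods start and end outside both hunks.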