diff options
author | Petr Viktorin <pviktori@redhat.com> | 2012-12-05 07:00:21 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-12-10 10:28:08 -0500 |
commit | 2bdffa4375d3fb657e5b5a65cb326aff77e35e09 (patch) | |
tree | 68c12b919adf69d26ec2be332e4030507e0d401c | |
parent | dae4ea4c7ebd8af832bd599493262aa068ccbb82 (diff) | |
download | freeipa.git-2bdffa4375d3fb657e5b5a65cb326aff77e35e09.tar.gz freeipa.git-2bdffa4375d3fb657e5b5a65cb326aff77e35e09.tar.xz freeipa.git-2bdffa4375d3fb657e5b5a65cb326aff77e35e09.zip |
Use DN objects for Dogtag configuration
Use our DN objects for generating DNs, instead of relying on
string operations.
-rw-r--r-- | ipaserver/install/cainstance.py | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index e2112a28..e7b63f81 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -656,7 +656,8 @@ class CAInstance(service.Service): config.set("CA", "pki_admin_email", "root@localhost") config.set("CA", "pki_admin_password", self.admin_password) config.set("CA", "pki_admin_nickname", "ipa-ca-agent") - config.set("CA", "pki_admin_subject_dn", "CN=ipa-ca-agent,%s" % self.subject_base) + config.set("CA", "pki_admin_subject_dn", + str(DN(('cn', 'ipa-ca-agent'), self.subject_base))) # Directory server config.set("CA", "pki_ds_ldap_port", str(self.ds_port)) @@ -665,11 +666,16 @@ class CAInstance(service.Service): config.set("CA", "pki_ds_database", "ipaca") # Certificate subject DN's - config.set("CA", "pki_subsystem_subject_dn", "CN=CA Subsystem,%s" % self.subject_base) - config.set("CA", "pki_ocsp_signing_subject_dn", "CN=OCSP Subsystem,%s" % self.subject_base) - config.set("CA", "pki_ssl_server_subject_dn", "CN=%s,%s" % (self.fqdn, self.subject_base)) - config.set("CA", "pki_audit_signing_subject_dn", "CN=CA Audit,%s" % self.subject_base) - config.set("CA", "pki_ca_signing_subject_dn", "CN=Certificate Authority,%s" % self.subject_base) + config.set("CA", "pki_subsystem_subject_dn", + str(DN(('cn', 'CA Subsystem'), self.subject_base))) + config.set("CA", "pki_ocsp_signing_subject_dn", + str(DN(('cn', 'OCSP Subsystem'), self.subject_base))) + config.set("CA", "pki_ssl_server_subject_dn", + str(DN(('cn', self.fqdn), self.subject_base))) + config.set("CA", "pki_audit_signing_subject_dn", + str(DN(('cn', 'CA Audit'), self.subject_base))) + config.set("CA", "pki_ca_signing_subject_dn", + str(DN(('cn', 'Certificate Authority'), self.subject_base))) # Certificate nicknames config.set("CA", "pki_subsystem_nickname", "subsystemCert cert-pki-ca") |