author | Rob Crittenden <rcritten@redhat.com> | 2011-03-14 16:27:19 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-03-15 14:09:57 -0400 |
commit | 861d1bbdca4793fb45fb233d236d3793cc23da36 (patch) | |
tree | ccb169d140cd119b07435b675ca11df8f7bff067 /install/tools/ipa-replica-prepare | |
parent | a36bc4ee93d13c28f8edf2bb94eb4dbfc25be568 (diff) | |
download | freeipa.git-861d1bbdca4793fb45fb233d236d3793cc23da36.tar.gz freeipa.git-861d1bbdca4793fb45fb233d236d3793cc23da36.tar.xz freeipa.git-861d1bbdca4793fb45fb233d236d3793cc23da36.zip |
Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance.
This fixes 2 AVCS:
* One because we are enabling port 7390 because an SSL port must be
defined to use TLS on 7389.
* We were symlinking to the main IPA 389-ds NSS certificate database.
Instead generate a separate NSS database and certificate and have
certmonger track it separately
I also noticed some variable inconsistency in cainstance.py. Everywhere
else we use self.fqdn and that was using self.host_name. I found it
confusing so I fixed it.
ticket 1085
Diffstat (limited to 'install/tools/ipa-replica-prepare')
-rwxr-xr-x | install/tools/ipa-replica-prepare | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index 36e34d78..e9122351 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -338,6 +338,14 @@ def main(): print "%s" % e sys.exit(1) + if not certs.ipa_self_signed(): + print "Creating SSL certificate for the dogtag Directory Server" + try: + export_certdb(api.env.realm, ds_dir, dir, passwd_fname, "dogtagcert", replica_fqdn, subject_base) + except errors.CertificateOperationError, e: + print "%s" % e + sys.exit(1) + if options.http_pin: passwd = options.http_pin else: |
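Review bot: In the new `except errors.CertificateOperationError, e:` branch, the failure is reported with a bare `print "%s" % e` on stdout and then `sys.exit(1)`, so a caller that captures output sees only the exception text, with nothing on stderr to show that the dogtag Directory Server certificate export was the step that failed. Consider writing the message to stderr and prefixing it with the certificate name. The added lines also show no cleanup of `dir` before exiting. Since `export_certdb` is passed both `dir` and `passwd_fname`, it is worth confirming that any key material or password file already written there by earlier steps is removed on this path. A smaller point: the nickname "dogtagcert" is a string literal in the call, and a named constant shared with the code that later consumes the exported file would keep the two from drifting apart.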