From 6980b073035cdd43b30b58aba3ce7f84f16a14ad Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Fri, 11 Jul 2008 11:34:29 -0400
Subject: Rework the way SSL certificates are imported from PKCS#12 files. Add the ability to provide PKCS#12 files during initial installation Add the ability to provide PKCS#12 files when preparing a replica Correct some issues with ipa-server-certinstall 452402
---
 ipa-server/ipaserver/dsinstance.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'ipa-server/ipaserver/dsinstance.py')
diff --git a/ipa-server/ipaserver/dsinstance.py b/ipa-server/ipaserver/dsinstance.py
index 540ff686..d313b4ed 100644
--- a/ipa-server/ipaserver/dsinstance.py
+++ b/ipa-server/ipaserver/dsinstance.py
@@ -324,9 +324,16 @@ class DsInstance(service.Service):
 ca = certs.CertDB(dirname)
 if self.pkcs12_info:
 ca.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1])
+ server_certs = ca.find_server_certs()
+ if len(server_certs) == 0:
+ raise RuntimeError("Could not find a suitable server cert in import in %s" % pkcs12_info[0])
+
+ # We only handle one server cert
+ nickname = server_certs[0][0]
 else:
 ca.create_self_signed()
 ca.create_server_cert("Server-Cert", "cn=%s,ou=Fedora Directory Server" % self.host_name)
+ nickname = "Server-Cert"
 conn = ipaldap.IPAdmin("127.0.0.1")
 conn.simple_bind_s("cn=directory manager", self.dm_password)
@@ -347,7 +354,7 @@ class DsInstance(service.Service):
 entry.setValues("objectclass", "top", "nsEncryptionModule")
 entry.setValues("cn", "RSA")
- entry.setValues("nsSSLPersonalitySSL", "Server-Cert")
+ entry.setValues("nsSSLPersonalitySSL", nickname)
 entry.setValues("nsSSLToken", "internal (software)")
 entry.setValues("nsSSLActivation", "on")
-- cgit
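Review bot: In the PKCS#12 branch of the first hunk, the new `raise RuntimeError(...)` formats its message with bare `pkcs12_info[0]`, while the surrounding lines read `self.pkcs12_info`; unless a local of that name is defined outside the hunk (the enclosing method starts before it), the no-server-cert path would fail with a NameError instead of the intended error. I would change it to `raise RuntimeError("Could not find a suitable server cert in import in %s" % self.pkcs12_info[0])`. Separately, `nickname = server_certs[0][0]` silently takes the first entry when the file holds several server certificates, so the directory server could end up presenting a certificate the administrator did not intend; logging the chosen nickname, or refusing when `len(server_certs) > 1`, would make that choice visible.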