author | Fraser Tweedale <ftweedal@redhat.com> | 2016-06-17 15:11:08 +1000 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-06-29 08:52:29 +0200 |
commit | b720aa94e9317b857734c08a69fe2dcc0d95bf68 (patch) | |
tree | cbe9d292606d3b0d1e966ea53468db07674d462b /install/restart_scripts | |
parent | 67f13c82d877a9909ab89d3d30eeb7c966cc09e4 (diff) | |
Update lightweight CA serial after renewal

For CA replicas to pick up renewed lightweight CA signing
certificates, the authoritySerial attribute can be updated with the
new serial number.

Update the renew_ca_cert script, which is executed by Certmonger
after writing a renewed CA certificate to the NSSDB, to update the
authoritySerial attribute if the certificate belongs to a
lightweight CA.

Part of: https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'install/restart_scripts')
-rw-r--r-- | install/restart_scripts/renew_ca_cert | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert index dc0f1117b..186fb34f6 100644 --- a/install/restart_scripts/renew_ca_cert +++ b/install/restart_scripts/renew_ca_cert @@ -78,6 +78,7 @@ def _main(): ca.update_cert_config(nickname, cert) if ca.is_renewal_master(): cainstance.update_people_entry(cert) + cainstance.update_authority_entry(cert) if nickname == 'auditSigningCert cert-pki-ca': # Fix trust on the audit cert |
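Review bot: The new `cainstance.update_authority_entry(cert)` call under `if ca.is_renewal_master():` has no visible check that the certificate belongs to a lightweight CA, although the commit message limits the authoritySerial update to that case. As written, the call runs for every certificate this script handles on the renewal master, so the check has to live inside update_authority_entry, which is outside this diffstat (limited to 'install/restart_scripts'). Please confirm that the function does nothing when the certificate does not match an authority entry, for example for the 'auditSigningCert cert-pki-ca' nickname handled in the lines just below, and consider a one-line comment at the call site saying so. Also worth confirming: if the new call raises, does the audit cert trust fix that follows still run?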