author | Jan Cholasta <jcholast@redhat.com> | 2014-08-05 09:06:39 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@dhcp-31-13.brq.redhat.com> | 2014-09-05 13:59:04 +0200 |
commit | 6ad8c464a43260f8f58dc262f841c35be35b57b5 (patch) | |
tree | d596fb119f94b21a2c01c839a0659b74a4aacf6f /ipaserver/install/ipa_server_certinstall.py | |
parent | 418ce870bfbe13cea694a7b862cafe35c703f660 (diff) | |
Make CA-less ipa-server-install option --root-ca-file optional.
The CA cert specified by --root-ca-file option must always be the CA cert of
the CA which issued the server certificates in the PKCS#12 files. As the cert
is not actually user selectable, use CA cert from the PKCS#12 files by default
if it is present.
Document --root-ca-file in ipa-server-install man page.
https://fedorahosted.org/freeipa/ticket/4457
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'ipaserver/install/ipa_server_certinstall.py')
-rw-r--r-- | ipaserver/install/ipa_server_certinstall.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py index af5d21a2a..6300a14ae 100644 --- a/ipaserver/install/ipa_server_certinstall.py +++ b/ipaserver/install/ipa_server_certinstall.py @@ -154,7 +154,7 @@ class ServerCertInstall(admintool.AdminTool): os.chown(os.path.join(dirname, 'secmod.db'), 0, pent.pw_gid) def import_cert(self, dirname, pkcs12_passwd, old_cert, principal, command): - server_cert = installutils.check_pkcs12( + installutils.check_pkcs12( pkcs12_info=(self.pkcs12_fname, pkcs12_passwd), ca_file=CACERT, hostname=api.env.host) @@ -166,6 +166,7 @@ class ServerCertInstall(admintool.AdminTool): cdb.delete_cert(old_cert) cdb.import_pkcs12(self.pkcs12_fname, pkcs12_passwd) + server_cert = cdb.find_server_certs()[0][0] if api.env.enable_ra: cdb.track_server_cert(server_cert, principal, cdb.passwd_fname, |
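Review bot: In the second hunk, `server_cert = cdb.find_server_certs()[0][0]` takes the first entry the database reports without checking that exactly one server certificate is present. An empty list raises a bare IndexError after the old certificate has already been deleted. If a second server certificate is still in the database (whether that can happen depends on code outside the hunk), the nickname passed to `cdb.track_server_cert` may not belong to the certificate that `installutils.check_pkcs12` validated in the first hunk, whose return value is now discarded. I would bind the list and fail explicitly: `server_certs = cdb.find_server_certs()`, then `if len(server_certs) != 1: raise admintool.ScriptError("expected exactly one server certificate")`, then `server_cert = server_certs[0][0]`. The body of import_cert continues past the end of the second hunk.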